<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2 em;
}

.method  {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="compute_alpha.html">Compute Engine API</a> . <a href="compute_alpha.interconnectAttachmentGroups.html">interconnectAttachmentGroups</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="#close">close()</a></code></p>
<p class="firstline">Close httplib2 connections.</p>
<p class="toc_element">
  <code><a href="#createMembers">createMembers(project, interconnectAttachmentGroup, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Create Interconnect Attachments with redundancy by creating them in a</p>
<p class="toc_element">
  <code><a href="#delete">delete(project, interconnectAttachmentGroup, requestId=None, x__xgafv=None)</a></code></p>
<p class="firstline">Deletes the specified InterconnectAttachmentGroup in the given scope</p>
<p class="toc_element">
  <code><a href="#get">get(project, interconnectAttachmentGroup, x__xgafv=None)</a></code></p>
<p class="firstline">Returns the specified InterconnectAttachmentGroup resource in the given</p>
<p class="toc_element">
  <code><a href="#getIamPolicy">getIamPolicy(project, resource, optionsRequestedPolicyVersion=None, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the access control policy for a resource. May be empty if no such</p>
<p class="toc_element">
  <code><a href="#getOperationalStatus">getOperationalStatus(project, interconnectAttachmentGroup, x__xgafv=None)</a></code></p>
<p class="firstline">Returns the InterconnectAttachmentStatuses for the specified</p>
<p class="toc_element">
  <code><a href="#insert">insert(project, body=None, requestId=None, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a InterconnectAttachmentGroup in the specified project in the given</p>
<p class="toc_element">
  <code><a href="#list">list(project, filter=None, maxResults=None, orderBy=None, pageToken=None, returnPartialSuccess=None, x__xgafv=None)</a></code></p>
<p class="firstline">Lists the InterconnectAttachmentGroups for a project in the given scope.</p>
<p class="toc_element">
  <code><a href="#list_next">list_next()</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
  <code><a href="#patch">patch(project, interconnectAttachmentGroup, body=None, requestId=None, updateMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Patches the specified InterconnectAttachmentGroup resource with the data</p>
<p class="toc_element">
  <code><a href="#setIamPolicy">setIamPolicy(project, resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Sets the access control policy on the specified resource.</p>
<p class="toc_element">
  <code><a href="#testIamPermissions">testIamPermissions(project, resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Returns permissions that a caller has on the specified resource.</p>
<h3>Method Details</h3>
<div class="method">
    <code class="details" id="close">close()</code>
  <pre>Close httplib2 connections.</pre>
</div>

<div class="method">
    <code class="details" id="createMembers">createMembers(project, interconnectAttachmentGroup, body=None, x__xgafv=None)</code>
  <pre>Create Interconnect Attachments with redundancy by creating them in a
specified interconnect attachment group.

Args:
  project: string, Project ID for this request. (required)
  interconnectAttachmentGroup: string, Name of the group resource to create members for. (required)
  body: object, The request body.
    The object takes the form of:

{
  &quot;request&quot;: {
    &quot;attachments&quot;: [ # Parameters for the specific Attachments to create.
      { # LINT.IfChange
          # Parameters used to create an InterconnectAttachment. This is similar to
          # InterconnectAttachment, but the region field used here is not output only
          # and all other output only fields are excluded.
        &quot;adminEnabled&quot;: True or False, # Determines whether this Attachment will carry packets.
            # Not present for PARTNER_PROVIDER.
        &quot;bandwidth&quot;: &quot;A String&quot;, # Provisioned bandwidth capacity for the interconnect attachment. For
            # attachments of type DEDICATED, the user can set the bandwidth.
            # For attachments of type PARTNER, the Google Partner that is operating
            # the interconnect must set the bandwidth.
            # Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED,
            # and can take one of the following values:
            #
            #    - BPS_50M: 50 Mbit/s
            #    - BPS_100M: 100 Mbit/s
            #    - BPS_200M: 200 Mbit/s
            #    - BPS_300M: 300 Mbit/s
            #    - BPS_400M: 400 Mbit/s
            #    - BPS_500M: 500 Mbit/s
            #    - BPS_1G: 1 Gbit/s
            #    - BPS_2G: 2 Gbit/s
            #    - BPS_5G: 5 Gbit/s
            #    - BPS_10G: 10 Gbit/s
            #    - BPS_20G: 20 Gbit/s
            #    - BPS_50G: 50 Gbit/s
            #    - BPS_100G: 100 Gbit/s
        &quot;candidateCloudRouterIpAddress&quot;: &quot;A String&quot;, # Single IPv4 address + prefix length to be configured on the cloud router
            # interface for this interconnect attachment.
            #
            #    - Both candidate_cloud_router_ip_address and
            #    candidate_customer_router_ip_address fields must be set or both must be
            #    unset.
            #    - Prefix length of both candidate_cloud_router_ip_address and
            #    candidate_customer_router_ip_address must be the same.
            #    - Max prefix length is 31.
        &quot;candidateCloudRouterIpv6Address&quot;: &quot;A String&quot;, # Single IPv6 address + prefix length to be configured on the cloud router
            # interface for this interconnect attachment.
            #
            #    - Both candidate_cloud_router_ipv6_address and
            #    candidate_customer_router_ipv6_address fields must be set or both must be
            #    unset.
            #    - Prefix length of both candidate_cloud_router_ipv6_address and
            #    candidate_customer_router_ipv6_address must be the same.
            #    - Max prefix length is 126.
        &quot;candidateCustomerRouterIpAddress&quot;: &quot;A String&quot;, # Single IPv4 address + prefix length to be configured on the customer
            # router interface for this interconnect attachment.
        &quot;candidateCustomerRouterIpv6Address&quot;: &quot;A String&quot;, # Single IPv6 address + prefix length to be configured on the customer
            # router interface for this interconnect attachment.
        &quot;candidateIpv6Subnets&quot;: [ # This field is not available.
          &quot;A String&quot;,
        ],
        &quot;candidateSubnets&quot;: [ # Input only. Up to 16 candidate prefixes that can be used to restrict the allocation
            # of cloudRouterIpAddress and customerRouterIpAddress for this attachment.
            # All prefixes must be within link-local address space (169.254.0.0/16) and
            # must be /29 or shorter (/28, /27, etc). Google will attempt to select an
            # unused /29 from the supplied candidate prefix(es). The request will fail
            # if all possible /29s are in use on Google&#x27;s edge. If not supplied, Google
            # will randomly select an unused /29 from all of link-local space.
          &quot;A String&quot;,
        ],
        &quot;cloudRouterIpv6InterfaceId&quot;: &quot;A String&quot;, # This field is not available.
        &quot;customerRouterIpv6InterfaceId&quot;: &quot;A String&quot;, # This field is not available.
        &quot;description&quot;: &quot;A String&quot;, # An optional description of this resource.
        &quot;edgeAvailabilityDomain&quot;: &quot;A String&quot;, # Input only. Desired availability domain for the attachment. Only available for type
            # PARTNER, at creation time, and can take one of the following values:
            #
            #    - AVAILABILITY_DOMAIN_ANY
            #    - AVAILABILITY_DOMAIN_1
            #    - AVAILABILITY_DOMAIN_2
            #
            #
            # For improved reliability, customers should configure a pair of
            # attachments, one per availability domain. The selected availability
            # domain will be provided to the Partner via the pairing key, so that the
            # provisioned circuit will lie in the specified domain. If not specified,
            # the value will default to AVAILABILITY_DOMAIN_ANY.
        &quot;encryption&quot;: &quot;A String&quot;, # Indicates the user-supplied encryption option of this VLAN attachment
            # (interconnectAttachment). Can only be specified at attachment creation
            # for PARTNER or DEDICATED attachments.
            # Possible values are:
            #
            #    - alpha - This is the default value, which means that
            #    the VLAN attachment carries unencrypted traffic. VMs are able to send
            #    traffic to, or receive traffic from, such a VLAN attachment.
            #    - IPSEC - The VLAN attachment carries only encrypted
            #    traffic that is encrypted by an IPsec device, such as an HA VPN gateway
            #    or third-party IPsec VPN. VMs cannot directly send traffic to, or receive
            #    traffic from, such a VLAN attachment. To use *HA VPN over Cloud
            #    Interconnect*, the VLAN attachment must be created with this
            #    option.
        &quot;interconnect&quot;: &quot;A String&quot;, # URL of the underlying Interconnect object that this attachment&#x27;s traffic
            # will traverse through.
        &quot;ipsecInternalAddresses&quot;: [ # A list of URLs of addresses that have been reserved for the VLAN
            # attachment. Used only for the VLAN attachment that has the encryption
            # option as IPSEC. The addresses must be regional internal IP address
            # ranges. When creating an HA VPN gateway over the VLAN attachment, if the
            # attachment is configured to use a regional internal IP address, then the
            # VPN gateway&#x27;s IP address is allocated from the IP address range specified
            # here. For example, if the HA VPN gateway&#x27;s interface 0 is paired to this
            # VLAN attachment, then a regional internal IP address for the VPN gateway
            # interface 0 will be allocated from the IP address specified for this
            # VLAN attachment.
            # If this field is not specified when creating the VLAN attachment, then
            # later on when creating an HA VPN gateway on this VLAN attachment, the HA
            # VPN gateway&#x27;s IP address is allocated from the regional external IP
            # address pool.
          &quot;A String&quot;,
        ],
        &quot;l2Forwarding&quot;: { # L2 Interconnect Attachment related configuration. # L2 Interconnect Attachment related config. This field is required if the
            # type is L2_DEDICATED.
            #
            # The configuration specifies how VLAN tags (like dot1q, qinq, or dot1ad)
            # within L2 packets are mapped to the destination appliances IP addresses.
            # The packet is then encapsulated with the appliance IP address and sent to
            # the edge appliance.
          &quot;applianceMappings&quot;: { # Optional. A map of VLAN tags to appliances and optional inner mapping
              # rules. If VLANs are not explicitly mapped to any appliance, the
              # defaultApplianceIpAddress is used.
              #
              # Each VLAN tag can be a single number or a range of numbers in the range
              # of 1 to 4094, e.g., &quot;1&quot; or &quot;4001-4094&quot;. Non-empty and non-overlapping
              # VLAN tag ranges are enforced, and violating operations will be rejected.
              #
              # The VLAN tags in the Ethernet header must use an ethertype value of
              # 0x88A8 or 0x8100.
            &quot;a_key&quot;: { # Two-level VLAN-to-Appliance mapping rule.
              &quot;applianceIpAddress&quot;: &quot;A String&quot;, # Optional. A single IPv4 or IPv6 address used as the destination IP
                  # address for ingress packets that match on a VLAN tag, but do not match
                  # a more specific inner VLAN tag.
                  #
                  # Unset field (null-value) indicates both VLAN tags are required to be
                  # mapped. Otherwise, defaultApplianceIpAddress is used.
              &quot;innerVlanToApplianceMappings&quot;: [ # Optional. Used to match against the inner VLAN when the packet
                  # contains two VLAN tags.
                  #
                  # A list of mapping rules from inner VLAN tags to IP addresses. If the
                  # inner VLAN is not explicitly mapped to an IP address range, the
                  # applianceIpAddress is used.
                { # The inner VLAN-to-Appliance mapping.
                  &quot;innerApplianceIpAddress&quot;: &quot;A String&quot;, # Required in this object. A single IPv4 or IPv6 address used as the
                      # destination IP address for ingress packets that match on both VLAN
                      # tags.
                  &quot;innerVlanTags&quot;: [ # Required in this object. Used to match the inner VLAN tag on the
                      # packet. Each entry can be a single number or a range of numbers in
                      # the range of 1 to 4094, e.g., [&quot;1&quot;, &quot;4001-4094&quot;] is valid. Non-empty
                      # and Non-overlapping VLAN tag ranges are enforced, and violating
                      # operations will be rejected.
                      #
                      # The inner VLAN tags must have an ethertype value of 0x8100.
                    &quot;A String&quot;,
                  ],
                },
              ],
              &quot;name&quot;: &quot;A String&quot;, # Optional. The name of this appliance mapping rule.
            },
          },
          &quot;defaultApplianceIpAddress&quot;: &quot;A String&quot;, # Optional. A single IPv4 or IPv6 address used as the default destination
              # IP when there is no VLAN mapping result found.
              #
              # Unset field (null-value) indicates the unmatched packet should be
              # dropped.
          &quot;geneveHeader&quot;: { # GeneveHeader related configurations. # Optional. It represents the structure of a Geneve (Generic Network
              # Virtualization Encapsulation) header, as defined in RFC8926. It encapsulates packets from various
              # protocols (e.g., Ethernet, IPv4, IPv6) for use in network virtualization
              # environments.
            &quot;vni&quot;: 42, # Optional. VNI is a 24-bit unique virtual network identifier, from 0 to
                # 16,777,215.
          },
          &quot;network&quot;: &quot;A String&quot;, # Required. Resource URL of the network to which this attachment belongs.
          &quot;tunnelEndpointIpAddress&quot;: &quot;A String&quot;, # Required. A single IPv4 or IPv6 address. This address will be used as the
              # source IP address for packets sent to the appliances, and must be used as
              # the destination IP address for packets that should be sent out through
              # this attachment.
        },
        &quot;mtu&quot;: 42, # Maximum Transmission Unit (MTU), in bytes, of packets passing through
            # this interconnect attachment. Valid values are 1440, 1460,
            # 1500, or 8896. If not specified, the value will default to 1440.
        &quot;multicastEnabled&quot;: True or False, # Whether or not to permit multicast traffic for this attachment. Multicast
            # packets will be dropped if this is not enabled.
        &quot;name&quot;: &quot;A String&quot;, # Name of the resource. Provided by the client when the resource is
            # created. Must be set on either the template_attachment or on each
            # specific attachment. If set, the name must be 1-63 characters long, and
            # comply with RFC1035. Specifically, the name must be 1-63
            # characters long and match the regular expression
            # `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a
            # lowercase letter, and all following characters must be a dash, lowercase
            # letter, or digit, except the last character, which cannot be a dash.
        &quot;pairingKey&quot;: &quot;A String&quot;, # [Output only for type PARTNER. Input only for PARTNER_PROVIDER. Not
            # present for DEDICATED].
            # The opaque identifier of a PARTNER attachment used to initiate
            # provisioning with a selected partner.
            # Of the form &quot;XXXXX/region/domain&quot;
        &quot;partnerAsn&quot;: &quot;A String&quot;, # Optional BGP ASN for the router supplied by a Layer 3 Partner if they
            # configured BGP on behalf of the customer.
            # Output only for PARTNER type, input only for PARTNER_PROVIDER, not
            # available for DEDICATED.
        &quot;partnerMetadata&quot;: { # Informational metadata about Partner attachments from Partners to display # Informational metadata about Partner attachments from Partners to display
            # to customers.
            # Output only for PARTNER type, mutable for PARTNER_PROVIDER, not
            # available for DEDICATED.
            # to customers.  These fields are propagated from PARTNER_PROVIDER
            # attachments to their corresponding PARTNER attachments.
          &quot;interconnectName&quot;: &quot;A String&quot;, # Plain text name of the Interconnect this attachment is connected to, as
              # displayed in the Partner&#x27;s portal. For instance &quot;Chicago 1&quot;.
              # This value may be validated to match approved Partner values.
          &quot;partnerName&quot;: &quot;A String&quot;, # Plain text name of the Partner providing this attachment.
              # This value may be validated to match approved Partner values.
          &quot;portalUrl&quot;: &quot;A String&quot;, # URL of the Partner&#x27;s portal for this Attachment. Partners may customise
              # this to be a deep link to the specific resource on the Partner portal.
              # This value may be validated to match approved Partner values.
        },
        &quot;region&quot;: &quot;A String&quot;, # The region that the Attachment is in.
        &quot;router&quot;: &quot;A String&quot;, # URL of the Cloud Router to be used for dynamic routing. This router must
            # be in the same region as this InterconnectAttachment. The
            # InterconnectAttachment will automatically connect the Interconnect to the
            # network &amp; region within which the Cloud Router is configured.
        &quot;stackType&quot;: &quot;A String&quot;, # The stack type for this interconnect attachment to identify whether the
            # IPv6 feature is enabled or not. If not specified, IPV4_ONLY
            # will be used.
            #
            # This field can be both set at interconnect attachments creation and
            # update interconnect attachment operations.
        &quot;subnetLength&quot;: 42, # Input only. Length of the IPv4 subnet mask.
            # Allowed values:
            #
            #
            #     - 29 (default)
            #     - 30
            #
            # The default value is 29, except for Cross-Cloud Interconnect
            # connections that use an InterconnectRemoteLocation with a
            # constraints.subnetLengthRange.min equal to 30. For example,
            # connections that use an Azure remote location fall into this
            # category. In these cases, the default value is 30, and requesting
            # 29 returns an error.
            #
            # Where both 29 and 30 are allowed, 29 is preferred, because it gives
            # Google Cloud Support more debugging visibility.
        &quot;type&quot;: &quot;A String&quot;, # The type of interconnect attachment this is, which can take one of the
            # following values:
            #
            #    - DEDICATED: an attachment to a Dedicated Interconnect.
            #    - PARTNER: an attachment to a Partner Interconnect, created by the
            #    customer.
            #    - PARTNER_PROVIDER: an attachment to a Partner Interconnect, created by
            #    the partner.
        &quot;vlanTag8021q&quot;: 42, # The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4093.
            # Only specified at creation time.
      },
    ],
    &quot;intentMismatchBehavior&quot;: &quot;A String&quot;, # How to behave when configured.availabilitySLA.effectiveSLA would not equal
        # intent.availabilitySLA after this call.
    &quot;templateAttachment&quot;: { # LINT.IfChange # Default parameters for the Attachments to create in this call.
        # Parameters used to create an InterconnectAttachment. This is similar to
        # InterconnectAttachment, but the region field used here is not output only
        # and all other output only fields are excluded.
      &quot;adminEnabled&quot;: True or False, # Determines whether this Attachment will carry packets.
          # Not present for PARTNER_PROVIDER.
      &quot;bandwidth&quot;: &quot;A String&quot;, # Provisioned bandwidth capacity for the interconnect attachment. For
          # attachments of type DEDICATED, the user can set the bandwidth.
          # For attachments of type PARTNER, the Google Partner that is operating
          # the interconnect must set the bandwidth.
          # Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED,
          # and can take one of the following values:
          #
          #    - BPS_50M: 50 Mbit/s
          #    - BPS_100M: 100 Mbit/s
          #    - BPS_200M: 200 Mbit/s
          #    - BPS_300M: 300 Mbit/s
          #    - BPS_400M: 400 Mbit/s
          #    - BPS_500M: 500 Mbit/s
          #    - BPS_1G: 1 Gbit/s
          #    - BPS_2G: 2 Gbit/s
          #    - BPS_5G: 5 Gbit/s
          #    - BPS_10G: 10 Gbit/s
          #    - BPS_20G: 20 Gbit/s
          #    - BPS_50G: 50 Gbit/s
          #    - BPS_100G: 100 Gbit/s
      &quot;candidateCloudRouterIpAddress&quot;: &quot;A String&quot;, # Single IPv4 address + prefix length to be configured on the cloud router
          # interface for this interconnect attachment.
          #
          #    - Both candidate_cloud_router_ip_address and
          #    candidate_customer_router_ip_address fields must be set or both must be
          #    unset.
          #    - Prefix length of both candidate_cloud_router_ip_address and
          #    candidate_customer_router_ip_address must be the same.
          #    - Max prefix length is 31.
      &quot;candidateCloudRouterIpv6Address&quot;: &quot;A String&quot;, # Single IPv6 address + prefix length to be configured on the cloud router
          # interface for this interconnect attachment.
          #
          #    - Both candidate_cloud_router_ipv6_address and
          #    candidate_customer_router_ipv6_address fields must be set or both must be
          #    unset.
          #    - Prefix length of both candidate_cloud_router_ipv6_address and
          #    candidate_customer_router_ipv6_address must be the same.
          #    - Max prefix length is 126.
      &quot;candidateCustomerRouterIpAddress&quot;: &quot;A String&quot;, # Single IPv4 address + prefix length to be configured on the customer
          # router interface for this interconnect attachment.
      &quot;candidateCustomerRouterIpv6Address&quot;: &quot;A String&quot;, # Single IPv6 address + prefix length to be configured on the customer
          # router interface for this interconnect attachment.
      &quot;candidateIpv6Subnets&quot;: [ # This field is not available.
        &quot;A String&quot;,
      ],
      &quot;candidateSubnets&quot;: [ # Input only. Up to 16 candidate prefixes that can be used to restrict the allocation
          # of cloudRouterIpAddress and customerRouterIpAddress for this attachment.
          # All prefixes must be within link-local address space (169.254.0.0/16) and
          # must be /29 or shorter (/28, /27, etc). Google will attempt to select an
          # unused /29 from the supplied candidate prefix(es). The request will fail
          # if all possible /29s are in use on Google&#x27;s edge. If not supplied, Google
          # will randomly select an unused /29 from all of link-local space.
        &quot;A String&quot;,
      ],
      &quot;cloudRouterIpv6InterfaceId&quot;: &quot;A String&quot;, # This field is not available.
      &quot;customerRouterIpv6InterfaceId&quot;: &quot;A String&quot;, # This field is not available.
      &quot;description&quot;: &quot;A String&quot;, # An optional description of this resource.
      &quot;edgeAvailabilityDomain&quot;: &quot;A String&quot;, # Input only. Desired availability domain for the attachment. Only available for type
          # PARTNER, at creation time, and can take one of the following values:
          #
          #    - AVAILABILITY_DOMAIN_ANY
          #    - AVAILABILITY_DOMAIN_1
          #    - AVAILABILITY_DOMAIN_2
          #
          #
          # For improved reliability, customers should configure a pair of
          # attachments, one per availability domain. The selected availability
          # domain will be provided to the Partner via the pairing key, so that the
          # provisioned circuit will lie in the specified domain. If not specified,
          # the value will default to AVAILABILITY_DOMAIN_ANY.
      &quot;encryption&quot;: &quot;A String&quot;, # Indicates the user-supplied encryption option of this VLAN attachment
          # (interconnectAttachment). Can only be specified at attachment creation
          # for PARTNER or DEDICATED attachments.
          # Possible values are:
          #
          #    - alpha - This is the default value, which means that
          #    the VLAN attachment carries unencrypted traffic. VMs are able to send
          #    traffic to, or receive traffic from, such a VLAN attachment.
          #    - IPSEC - The VLAN attachment carries only encrypted
          #    traffic that is encrypted by an IPsec device, such as an HA VPN gateway
          #    or third-party IPsec VPN. VMs cannot directly send traffic to, or receive
          #    traffic from, such a VLAN attachment. To use *HA VPN over Cloud
          #    Interconnect*, the VLAN attachment must be created with this
          #    option.
      &quot;interconnect&quot;: &quot;A String&quot;, # URL of the underlying Interconnect object that this attachment&#x27;s traffic
          # will traverse through.
      &quot;ipsecInternalAddresses&quot;: [ # A list of URLs of addresses that have been reserved for the VLAN
          # attachment. Used only for the VLAN attachment that has the encryption
          # option as IPSEC. The addresses must be regional internal IP address
          # ranges. When creating an HA VPN gateway over the VLAN attachment, if the
          # attachment is configured to use a regional internal IP address, then the
          # VPN gateway&#x27;s IP address is allocated from the IP address range specified
          # here. For example, if the HA VPN gateway&#x27;s interface 0 is paired to this
          # VLAN attachment, then a regional internal IP address for the VPN gateway
          # interface 0 will be allocated from the IP address specified for this
          # VLAN attachment.
          # If this field is not specified when creating the VLAN attachment, then
          # later on when creating an HA VPN gateway on this VLAN attachment, the HA
          # VPN gateway&#x27;s IP address is allocated from the regional external IP
          # address pool.
        &quot;A String&quot;,
      ],
      &quot;l2Forwarding&quot;: { # L2 Interconnect Attachment related configuration. # L2 Interconnect Attachment related config. This field is required if the
          # type is L2_DEDICATED.
          #
          # The configuration specifies how VLAN tags (like dot1q, qinq, or dot1ad)
          # within L2 packets are mapped to the destination appliances IP addresses.
          # The packet is then encapsulated with the appliance IP address and sent to
          # the edge appliance.
        &quot;applianceMappings&quot;: { # Optional. A map of VLAN tags to appliances and optional inner mapping
            # rules. If VLANs are not explicitly mapped to any appliance, the
            # defaultApplianceIpAddress is used.
            #
            # Each VLAN tag can be a single number or a range of numbers in the range
            # of 1 to 4094, e.g., &quot;1&quot; or &quot;4001-4094&quot;. Non-empty and non-overlapping
            # VLAN tag ranges are enforced, and violating operations will be rejected.
            #
            # The VLAN tags in the Ethernet header must use an ethertype value of
            # 0x88A8 or 0x8100.
          &quot;a_key&quot;: { # Two-level VLAN-to-Appliance mapping rule.
            &quot;applianceIpAddress&quot;: &quot;A String&quot;, # Optional. A single IPv4 or IPv6 address used as the destination IP
                # address for ingress packets that match on a VLAN tag, but do not match
                # a more specific inner VLAN tag.
                #
                # Unset field (null-value) indicates both VLAN tags are required to be
                # mapped. Otherwise, defaultApplianceIpAddress is used.
            &quot;innerVlanToApplianceMappings&quot;: [ # Optional. Used to match against the inner VLAN when the packet
                # contains two VLAN tags.
                #
                # A list of mapping rules from inner VLAN tags to IP addresses. If the
                # inner VLAN is not explicitly mapped to an IP address range, the
                # applianceIpAddress is used.
              { # The inner VLAN-to-Appliance mapping.
                &quot;innerApplianceIpAddress&quot;: &quot;A String&quot;, # Required in this object. A single IPv4 or IPv6 address used as the
                    # destination IP address for ingress packets that match on both VLAN
                    # tags.
                &quot;innerVlanTags&quot;: [ # Required in this object. Used to match the inner VLAN tag on the
                    # packet. Each entry can be a single number or a range of numbers in
                    # the range of 1 to 4094, e.g., [&quot;1&quot;, &quot;4001-4094&quot;] is valid. Non-empty
                    # and Non-overlapping VLAN tag ranges are enforced, and violating
                    # operations will be rejected.
                    #
                    # The inner VLAN tags must have an ethertype value of 0x8100.
                  &quot;A String&quot;,
                ],
              },
            ],
            &quot;name&quot;: &quot;A String&quot;, # Optional. The name of this appliance mapping rule.
          },
        },
        &quot;defaultApplianceIpAddress&quot;: &quot;A String&quot;, # Optional. A single IPv4 or IPv6 address used as the default destination
            # IP when there is no VLAN mapping result found.
            #
            # Unset field (null-value) indicates the unmatched packet should be
            # dropped.
        &quot;geneveHeader&quot;: { # GeneveHeader related configurations. # Optional. It represents the structure of a Geneve (Generic Network
            # Virtualization Encapsulation) header, as defined in RFC8926. It encapsulates packets from various
            # protocols (e.g., Ethernet, IPv4, IPv6) for use in network virtualization
            # environments.
          &quot;vni&quot;: 42, # Optional. VNI is a 24-bit unique virtual network identifier, from 0 to
              # 16,777,215.
        },
        &quot;network&quot;: &quot;A String&quot;, # Required. Resource URL of the network to which this attachment belongs.
        &quot;tunnelEndpointIpAddress&quot;: &quot;A String&quot;, # Required. A single IPv4 or IPv6 address. This address will be used as the
            # source IP address for packets sent to the appliances, and must be used as
            # the destination IP address for packets that should be sent out through
            # this attachment.
      },
      &quot;mtu&quot;: 42, # Maximum Transmission Unit (MTU), in bytes, of packets passing through
          # this interconnect attachment. Valid values are 1440, 1460,
          # 1500, or 8896. If not specified, the value will default to 1440.
      &quot;multicastEnabled&quot;: True or False, # Whether or not to permit multicast traffic for this attachment. Multicast
          # packets will be dropped if this is not enabled.
      &quot;name&quot;: &quot;A String&quot;, # Name of the resource. Provided by the client when the resource is
          # created. Must be set on either the template_attachment or on each
          # specific attachment. If set, the name must be 1-63 characters long, and
          # comply with RFC1035. Specifically, the name must be 1-63
          # characters long and match the regular expression
          # `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a
          # lowercase letter, and all following characters must be a dash, lowercase
          # letter, or digit, except the last character, which cannot be a dash.
      &quot;pairingKey&quot;: &quot;A String&quot;, # [Output only for type PARTNER. Input only for PARTNER_PROVIDER. Not
          # present for DEDICATED].
          # The opaque identifier of a PARTNER attachment used to initiate
          # provisioning with a selected partner.
          # Of the form &quot;XXXXX/region/domain&quot;
      &quot;partnerAsn&quot;: &quot;A String&quot;, # Optional BGP ASN for the router supplied by a Layer 3 Partner if they
          # configured BGP on behalf of the customer.
          # Output only for PARTNER type, input only for PARTNER_PROVIDER, not
          # available for DEDICATED.
      &quot;partnerMetadata&quot;: { # Informational metadata about Partner attachments from Partners to display # Informational metadata about Partner attachments from Partners to display
          # to customers.
          # Output only for PARTNER type, mutable for PARTNER_PROVIDER, not
          # available for DEDICATED.
          # to customers.  These fields are propagated from PARTNER_PROVIDER
          # attachments to their corresponding PARTNER attachments.
        &quot;interconnectName&quot;: &quot;A String&quot;, # Plain text name of the Interconnect this attachment is connected to, as
            # displayed in the Partner&#x27;s portal. For instance &quot;Chicago 1&quot;.
            # This value may be validated to match approved Partner values.
        &quot;partnerName&quot;: &quot;A String&quot;, # Plain text name of the Partner providing this attachment.
            # This value may be validated to match approved Partner values.
        &quot;portalUrl&quot;: &quot;A String&quot;, # URL of the Partner&#x27;s portal for this Attachment. Partners may customise
            # this to be a deep link to the specific resource on the Partner portal.
            # This value may be validated to match approved Partner values.
      },
      &quot;region&quot;: &quot;A String&quot;, # The region that the Attachment is in.
      &quot;router&quot;: &quot;A String&quot;, # URL of the Cloud Router to be used for dynamic routing. This router must
          # be in the same region as this InterconnectAttachment. The
          # InterconnectAttachment will automatically connect the Interconnect to the
          # network &amp; region within which the Cloud Router is configured.
      &quot;stackType&quot;: &quot;A String&quot;, # The stack type for this interconnect attachment to identify whether the
          # IPv6 feature is enabled or not. If not specified, IPV4_ONLY
          # will be used.
          #
          # This field can be both set at interconnect attachments creation and
          # update interconnect attachment operations.
      &quot;subnetLength&quot;: 42, # Input only. Length of the IPv4 subnet mask.
          # Allowed values:
          #
          #
          #     - 29 (default)
          #     - 30
          #
          # The default value is 29, except for Cross-Cloud Interconnect
          # connections that use an InterconnectRemoteLocation with a
          # constraints.subnetLengthRange.min equal to 30. For example,
          # connections that use an Azure remote location fall into this
          # category. In these cases, the default value is 30, and requesting
          # 29 returns an error.
          #
          # Where both 29 and 30 are allowed, 29 is preferred, because it gives
          # Google Cloud Support more debugging visibility.
      &quot;type&quot;: &quot;A String&quot;, # The type of interconnect attachment this is, which can take one of the
          # following values:
          #
          #    - DEDICATED: an attachment to a Dedicated Interconnect.
          #    - PARTNER: an attachment to a Partner Interconnect, created by the
          #    customer.
          #    - PARTNER_PROVIDER: an attachment to a Partner Interconnect, created by
          #    the partner.
      &quot;vlanTag8021q&quot;: 42, # The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4093.
          # Only specified at creation time.
    },
  },
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Represents an Operation resource.
    #
    # Google Compute Engine has three Operation resources:
    #
    # * [Global](/compute/docs/reference/rest/alpha/globalOperations)
    # * [Regional](/compute/docs/reference/rest/alpha/regionOperations)
    # * [Zonal](/compute/docs/reference/rest/alpha/zoneOperations)
    #
    # You can use an operation resource to manage asynchronous API requests.
    # For more information, readHandling
    # API responses.
    #
    # Operations can be global, regional or zonal.
    #
    #    - For global operations, use the `globalOperations`
    #    resource.
    #    - For regional operations, use the
    #    `regionOperations` resource.
    #    - For zonal operations, use
    #    the `zoneOperations` resource.
    #
    #
    #
    # For more information, read
    # Global, Regional, and Zonal Resources.
    #
    # Note that completed Operation resources have a limited
    # retention period.
  &quot;clientOperationId&quot;: &quot;A String&quot;, # [Output Only] The value of `requestId` if you provided it in the request.
      # Not present otherwise.
  &quot;creationTimestamp&quot;: &quot;A String&quot;, # [Deprecated] This field is deprecated.
  &quot;description&quot;: &quot;A String&quot;, # [Output Only] A textual description of the operation, which is
      # set when the operation is created.
  &quot;endTime&quot;: &quot;A String&quot;, # [Output Only] The time that this operation was completed. This value is inRFC3339
      # text format.
  &quot;error&quot;: { # [Output Only] If errors are generated during processing of the operation,
      # this field will be populated.
    &quot;errors&quot;: [ # [Output Only] The array of errors encountered while processing this
        # operation.
      {
        &quot;code&quot;: &quot;A String&quot;, # [Output Only] The error type identifier for this error.
        &quot;errorDetails&quot;: [ # [Output Only] An optional list of messages that contain the error
            # details. There is a set of defined message types to use for providing
            # details.The syntax depends on the error code. For example,
            # QuotaExceededInfo will have details when the error code is
            # QUOTA_EXCEEDED.
          {
            &quot;errorInfo&quot;: { # Describes the cause of the error with structured details.
                #
                # Example of an error when contacting the &quot;pubsub.googleapis.com&quot; API when it
                # is not enabled:
                #
                #     { &quot;reason&quot;: &quot;API_DISABLED&quot;
                #       &quot;domain&quot;: &quot;googleapis.com&quot;
                #       &quot;metadata&quot;: {
                #         &quot;resource&quot;: &quot;projects/123&quot;,
                #         &quot;service&quot;: &quot;pubsub.googleapis.com&quot;
                #       }
                #     }
                #
                # This response indicates that the pubsub.googleapis.com API is not enabled.
                #
                # Example of an error that is returned when attempting to create a Spanner
                # instance in a region that is out of stock:
                #
                #     { &quot;reason&quot;: &quot;STOCKOUT&quot;
                #       &quot;domain&quot;: &quot;spanner.googleapis.com&quot;,
                #       &quot;metadata&quot;: {
                #         &quot;availableRegions&quot;: &quot;us-central1,us-east2&quot;
                #       }
                #     }
              &quot;domain&quot;: &quot;A String&quot;, # The logical grouping to which the &quot;reason&quot; belongs. The error domain
                  # is typically the registered service name of the tool or product that
                  # generates the error. Example: &quot;pubsub.googleapis.com&quot;. If the error is
                  # generated by some common infrastructure, the error domain must be a
                  # globally unique value that identifies the infrastructure. For Google API
                  # infrastructure, the error domain is &quot;googleapis.com&quot;.
              &quot;metadatas&quot;: { # Additional structured details about this error.
                  #
                  # Keys must match a regular expression of `a-z+` but should
                  # ideally be lowerCamelCase. Also, they must be limited to 64 characters in
                  # length. When identifying the current value of an exceeded limit, the units
                  # should be contained in the key, not the value.  For example, rather than
                  # `{&quot;instanceLimit&quot;: &quot;100/request&quot;}`, should be returned as,
                  # `{&quot;instanceLimitPerRequest&quot;: &quot;100&quot;}`, if the client exceeds the number of
                  # instances that can be created in a single (batch) request.
                &quot;a_key&quot;: &quot;A String&quot;,
              },
              &quot;reason&quot;: &quot;A String&quot;, # The reason of the error. This is a constant value that identifies the
                  # proximate cause of the error. Error reasons are unique within a particular
                  # domain of errors. This should be at most 63 characters and match a
                  # regular expression of `A-Z+[A-Z0-9]`, which represents
                  # UPPER_SNAKE_CASE.
            },
            &quot;help&quot;: { # Provides links to documentation or for performing an out of band action.
                #
                # For example, if a quota check failed with an error indicating the calling
                # project hasn&#x27;t enabled the accessed service, this can contain a URL pointing
                # directly to the right place in the developer console to flip the bit.
              &quot;links&quot;: [ # URL(s) pointing to additional information on handling the current error.
                { # Describes a URL link.
                  &quot;description&quot;: &quot;A String&quot;, # Describes what the link offers.
                  &quot;url&quot;: &quot;A String&quot;, # The URL of the link.
                },
              ],
            },
            &quot;localizedMessage&quot;: { # Provides a localized error message that is safe to return to the user
                # which can be attached to an RPC error.
              &quot;locale&quot;: &quot;A String&quot;, # The locale used following the specification defined at
                  # https://www.rfc-editor.org/rfc/bcp/bcp47.txt.
                  # Examples are: &quot;en-US&quot;, &quot;fr-CH&quot;, &quot;es-MX&quot;
              &quot;message&quot;: &quot;A String&quot;, # The localized error message in the above locale.
            },
            &quot;quotaInfo&quot;: { # Additional details for quota exceeded error for resource quota.
              &quot;dimensions&quot;: { # The map holding related quota dimensions.
                &quot;a_key&quot;: &quot;A String&quot;,
              },
              &quot;futureLimit&quot;: 3.14, # Future quota limit being rolled out. The limit&#x27;s unit depends on the quota
                  #  type or metric.
              &quot;limit&quot;: 3.14, # Current effective quota limit. The limit&#x27;s unit depends on the quota type
                  # or metric.
              &quot;limitName&quot;: &quot;A String&quot;, # The name of the quota limit.
              &quot;metricName&quot;: &quot;A String&quot;, # The Compute Engine quota metric name.
              &quot;rolloutStatus&quot;: &quot;A String&quot;, # Rollout status of the future quota limit.
            },
          },
        ],
        &quot;location&quot;: &quot;A String&quot;, # [Output Only] Indicates the field in the request that caused the error.
            # This property is optional.
        &quot;message&quot;: &quot;A String&quot;, # [Output Only] An optional, human-readable error message.
      },
    ],
  },
  &quot;httpErrorMessage&quot;: &quot;A String&quot;, # [Output Only] If the operation fails, this field contains the HTTP error
      # message that was returned, such as `NOT FOUND`.
  &quot;httpErrorStatusCode&quot;: 42, # [Output Only] If the operation fails, this field contains the HTTP error
      # status code that was returned. For example, a `404` means the
      # resource was not found.
  &quot;id&quot;: &quot;A String&quot;, # [Output Only] The unique identifier for the operation. This identifier is
      # defined by the server.
  &quot;insertTime&quot;: &quot;A String&quot;, # [Output Only] The time that this operation was requested.
      # This value is inRFC3339
      # text format.
  &quot;instancesBulkInsertOperationMetadata&quot;: {
    &quot;perLocationStatus&quot;: { # Status information per location (location name is key).
        # Example key: zones/us-central1-a
      &quot;a_key&quot;: {
        &quot;createdVmCount&quot;: 42, # [Output Only] Count of VMs successfully created so far.
        &quot;deletedVmCount&quot;: 42, # [Output Only] Count of VMs that got deleted during rollback.
        &quot;failedToCreateVmCount&quot;: 42, # [Output Only] Count of VMs that started creating but encountered an
            # error.
        &quot;status&quot;: &quot;A String&quot;, # [Output Only] Creation status of BulkInsert operation - information
            # if the flow is rolling forward or rolling back.
        &quot;targetVmCount&quot;: 42, # [Output Only] Count of VMs originally planned to be created.
      },
    },
  },
  &quot;kind&quot;: &quot;compute#operation&quot;, # [Output Only] Type of the resource. Always `compute#operation` for
      # Operation resources.
  &quot;name&quot;: &quot;A String&quot;, # [Output Only] Name of the operation.
  &quot;operationGroupId&quot;: &quot;A String&quot;, # [Output Only] An ID that represents a group of operations, such as when a
      # group of operations results from a `bulkInsert` API request.
  &quot;operationType&quot;: &quot;A String&quot;, # [Output Only] The type of operation, such as `insert`,
      # `update`, or `delete`, and so on.
  &quot;progress&quot;: 42, # [Output Only] An optional progress indicator that ranges from 0 to 100.
      # There is no requirement that this be linear or support any granularity of
      # operations. This should not be used to guess when the operation will be
      # complete. This number should monotonically increase as the operation
      # progresses.
  &quot;region&quot;: &quot;A String&quot;, # [Output Only] The URL of the region where the operation resides. Only
      # applicable when performing regional operations.
  &quot;selfLink&quot;: &quot;A String&quot;, # [Output Only] Server-defined URL for the resource.
  &quot;selfLinkWithId&quot;: &quot;A String&quot;, # [Output Only] Server-defined URL for this resource with the resource id.
  &quot;setCommonInstanceMetadataOperationMetadata&quot;: { # [Output Only] If the operation is for projects.setCommonInstanceMetadata,
      # this field will contain information on all underlying zonal actions and
      # their state.
    &quot;clientOperationId&quot;: &quot;A String&quot;, # [Output Only] The client operation id.
    &quot;perLocationOperations&quot;: { # [Output Only] Status information per location (location name is key).
        # Example key: zones/us-central1-a
      &quot;a_key&quot;: {
        &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # [Output Only] If state is `ABANDONED` or `FAILED`, this field is
            # populated.
            # different programming environments, including REST APIs and RPC APIs. It is
            # used by [gRPC](https://github.com/grpc). Each `Status` message contains
            # three pieces of data: error code, error message, and error details.
            #
            # You can find out more about this error model and how to work with it in the
            # [API Design Guide](https://cloud.google.com/apis/design/errors).
          &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
          &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
              # message types for APIs to use.
            {
              &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
            },
          ],
          &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
              # user-facing error message should be localized and sent in the
              # google.rpc.Status.details field, or localized by the client.
        },
        &quot;state&quot;: &quot;A String&quot;, # [Output Only] Status of the action, which can be one of the following:
            # `PROPAGATING`, `PROPAGATED`, `ABANDONED`, `FAILED`, or `DONE`.
      },
    },
  },
  &quot;startTime&quot;: &quot;A String&quot;, # [Output Only] The time that this operation was started by the server.
      # This value is inRFC3339
      # text format.
  &quot;status&quot;: &quot;A String&quot;, # [Output Only] The status of the operation, which can be one of the
      # following:
      # `PENDING`, `RUNNING`, or `DONE`.
  &quot;statusMessage&quot;: &quot;A String&quot;, # [Output Only] An optional textual description of the current status of the
      # operation.
  &quot;targetId&quot;: &quot;A String&quot;, # [Output Only] The unique target ID, which identifies a specific incarnation
      # of the target resource.
  &quot;targetLink&quot;: &quot;A String&quot;, # [Output Only] The URL of the resource that the operation modifies. For
      # operations related to creating a snapshot, this points to the disk
      # that the snapshot was created from.
  &quot;user&quot;: &quot;A String&quot;, # [Output Only] User who requested the operation, for example:
      # `user@example.com` or
      # `alice_smith_identifier (global/workforcePools/example-com-us-employees)`.
  &quot;warnings&quot;: [ # [Output Only] If warning messages are generated during processing of the
      # operation, this field will be populated.
    {
      &quot;code&quot;: &quot;A String&quot;, # [Output Only] A warning code, if applicable. For example, Compute
          # Engine returns NO_RESULTS_ON_PAGE if there
          # are no results in the response.
      &quot;data&quot;: [ # [Output Only] Metadata about this warning in key:
          # value format. For example:
          #
          # &quot;data&quot;: [
          #   {
          #    &quot;key&quot;: &quot;scope&quot;,
          #    &quot;value&quot;: &quot;zones/us-east1-d&quot;
          #   }
        {
          &quot;key&quot;: &quot;A String&quot;, # [Output Only] A key that provides more detail on the warning being
              # returned. For example, for warnings where there are no results in a list
              # request for a particular zone, this key might be scope and
              # the key value might be the zone name. Other examples might be a key
              # indicating a deprecated resource and a suggested replacement, or a
              # warning about invalid network settings (for example, if an instance
              # attempts to perform IP forwarding but is not enabled for IP forwarding).
          &quot;value&quot;: &quot;A String&quot;, # [Output Only] A warning data value corresponding to the key.
        },
      ],
      &quot;message&quot;: &quot;A String&quot;, # [Output Only] A human-readable description of the warning code.
    },
  ],
  &quot;zone&quot;: &quot;A String&quot;, # [Output Only] The URL of the zone where the operation resides. Only
      # applicable when performing per-zone operations.
}</pre>
</div>

<div class="method">
    <code class="details" id="delete">delete(project, interconnectAttachmentGroup, requestId=None, x__xgafv=None)</code>
  <pre>Deletes the specified InterconnectAttachmentGroup in the given scope

Args:
  project: string, Project ID for this request. (required)
  interconnectAttachmentGroup: string, Name of the InterconnectAttachmentGroup resource to delete. (required)
  requestId: string, An optional request ID to identify requests. Specify a unique request ID so
that if you must retry your request, the server will know to ignore the
request if it has already been completed.

For example, consider a situation where you make an initial request and
the request times out. If you make the request again with the same
request ID, the server can check if original operation with the same
request ID was received, and if so, will ignore the second request. This
prevents clients from accidentally creating duplicate commitments.

The request ID must be
a valid UUID with the exception that zero UUID is not supported
(00000000-0000-0000-0000-000000000000).
end_interface: MixerMutationRequestBuilder
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Represents an Operation resource.
    #
    # Google Compute Engine has three Operation resources:
    #
    # * [Global](/compute/docs/reference/rest/alpha/globalOperations)
    # * [Regional](/compute/docs/reference/rest/alpha/regionOperations)
    # * [Zonal](/compute/docs/reference/rest/alpha/zoneOperations)
    #
    # You can use an operation resource to manage asynchronous API requests.
    # For more information, readHandling
    # API responses.
    #
    # Operations can be global, regional or zonal.
    #
    #    - For global operations, use the `globalOperations`
    #    resource.
    #    - For regional operations, use the
    #    `regionOperations` resource.
    #    - For zonal operations, use
    #    the `zoneOperations` resource.
    #
    #
    #
    # For more information, read
    # Global, Regional, and Zonal Resources.
    #
    # Note that completed Operation resources have a limited
    # retention period.
  &quot;clientOperationId&quot;: &quot;A String&quot;, # [Output Only] The value of `requestId` if you provided it in the request.
      # Not present otherwise.
  &quot;creationTimestamp&quot;: &quot;A String&quot;, # [Deprecated] This field is deprecated.
  &quot;description&quot;: &quot;A String&quot;, # [Output Only] A textual description of the operation, which is
      # set when the operation is created.
  &quot;endTime&quot;: &quot;A String&quot;, # [Output Only] The time that this operation was completed. This value is inRFC3339
      # text format.
  &quot;error&quot;: { # [Output Only] If errors are generated during processing of the operation,
      # this field will be populated.
    &quot;errors&quot;: [ # [Output Only] The array of errors encountered while processing this
        # operation.
      {
        &quot;code&quot;: &quot;A String&quot;, # [Output Only] The error type identifier for this error.
        &quot;errorDetails&quot;: [ # [Output Only] An optional list of messages that contain the error
            # details. There is a set of defined message types to use for providing
            # details.The syntax depends on the error code. For example,
            # QuotaExceededInfo will have details when the error code is
            # QUOTA_EXCEEDED.
          {
            &quot;errorInfo&quot;: { # Describes the cause of the error with structured details.
                #
                # Example of an error when contacting the &quot;pubsub.googleapis.com&quot; API when it
                # is not enabled:
                #
                #     { &quot;reason&quot;: &quot;API_DISABLED&quot;
                #       &quot;domain&quot;: &quot;googleapis.com&quot;
                #       &quot;metadata&quot;: {
                #         &quot;resource&quot;: &quot;projects/123&quot;,
                #         &quot;service&quot;: &quot;pubsub.googleapis.com&quot;
                #       }
                #     }
                #
                # This response indicates that the pubsub.googleapis.com API is not enabled.
                #
                # Example of an error that is returned when attempting to create a Spanner
                # instance in a region that is out of stock:
                #
                #     { &quot;reason&quot;: &quot;STOCKOUT&quot;
                #       &quot;domain&quot;: &quot;spanner.googleapis.com&quot;,
                #       &quot;metadata&quot;: {
                #         &quot;availableRegions&quot;: &quot;us-central1,us-east2&quot;
                #       }
                #     }
              &quot;domain&quot;: &quot;A String&quot;, # The logical grouping to which the &quot;reason&quot; belongs. The error domain
                  # is typically the registered service name of the tool or product that
                  # generates the error. Example: &quot;pubsub.googleapis.com&quot;. If the error is
                  # generated by some common infrastructure, the error domain must be a
                  # globally unique value that identifies the infrastructure. For Google API
                  # infrastructure, the error domain is &quot;googleapis.com&quot;.
              &quot;metadatas&quot;: { # Additional structured details about this error.
                  #
                  # Keys must match a regular expression of `a-z+` but should
                  # ideally be lowerCamelCase. Also, they must be limited to 64 characters in
                  # length. When identifying the current value of an exceeded limit, the units
                  # should be contained in the key, not the value.  For example, rather than
                  # `{&quot;instanceLimit&quot;: &quot;100/request&quot;}`, should be returned as,
                  # `{&quot;instanceLimitPerRequest&quot;: &quot;100&quot;}`, if the client exceeds the number of
                  # instances that can be created in a single (batch) request.
                &quot;a_key&quot;: &quot;A String&quot;,
              },
              &quot;reason&quot;: &quot;A String&quot;, # The reason of the error. This is a constant value that identifies the
                  # proximate cause of the error. Error reasons are unique within a particular
                  # domain of errors. This should be at most 63 characters and match a
                  # regular expression of `A-Z+[A-Z0-9]`, which represents
                  # UPPER_SNAKE_CASE.
            },
            &quot;help&quot;: { # Provides links to documentation or for performing an out of band action.
                #
                # For example, if a quota check failed with an error indicating the calling
                # project hasn&#x27;t enabled the accessed service, this can contain a URL pointing
                # directly to the right place in the developer console to flip the bit.
              &quot;links&quot;: [ # URL(s) pointing to additional information on handling the current error.
                { # Describes a URL link.
                  &quot;description&quot;: &quot;A String&quot;, # Describes what the link offers.
                  &quot;url&quot;: &quot;A String&quot;, # The URL of the link.
                },
              ],
            },
            &quot;localizedMessage&quot;: { # Provides a localized error message that is safe to return to the user
                # which can be attached to an RPC error.
              &quot;locale&quot;: &quot;A String&quot;, # The locale used following the specification defined at
                  # https://www.rfc-editor.org/rfc/bcp/bcp47.txt.
                  # Examples are: &quot;en-US&quot;, &quot;fr-CH&quot;, &quot;es-MX&quot;
              &quot;message&quot;: &quot;A String&quot;, # The localized error message in the above locale.
            },
            &quot;quotaInfo&quot;: { # Additional details for quota exceeded error for resource quota.
              &quot;dimensions&quot;: { # The map holding related quota dimensions.
                &quot;a_key&quot;: &quot;A String&quot;,
              },
              &quot;futureLimit&quot;: 3.14, # Future quota limit being rolled out. The limit&#x27;s unit depends on the quota
                  #  type or metric.
              &quot;limit&quot;: 3.14, # Current effective quota limit. The limit&#x27;s unit depends on the quota type
                  # or metric.
              &quot;limitName&quot;: &quot;A String&quot;, # The name of the quota limit.
              &quot;metricName&quot;: &quot;A String&quot;, # The Compute Engine quota metric name.
              &quot;rolloutStatus&quot;: &quot;A String&quot;, # Rollout status of the future quota limit.
            },
          },
        ],
        &quot;location&quot;: &quot;A String&quot;, # [Output Only] Indicates the field in the request that caused the error.
            # This property is optional.
        &quot;message&quot;: &quot;A String&quot;, # [Output Only] An optional, human-readable error message.
      },
    ],
  },
  &quot;httpErrorMessage&quot;: &quot;A String&quot;, # [Output Only] If the operation fails, this field contains the HTTP error
      # message that was returned, such as `NOT FOUND`.
  &quot;httpErrorStatusCode&quot;: 42, # [Output Only] If the operation fails, this field contains the HTTP error
      # status code that was returned. For example, a `404` means the
      # resource was not found.
  &quot;id&quot;: &quot;A String&quot;, # [Output Only] The unique identifier for the operation. This identifier is
      # defined by the server.
  &quot;insertTime&quot;: &quot;A String&quot;, # [Output Only] The time that this operation was requested.
      # This value is inRFC3339
      # text format.
  &quot;instancesBulkInsertOperationMetadata&quot;: {
    &quot;perLocationStatus&quot;: { # Status information per location (location name is key).
        # Example key: zones/us-central1-a
      &quot;a_key&quot;: {
        &quot;createdVmCount&quot;: 42, # [Output Only] Count of VMs successfully created so far.
        &quot;deletedVmCount&quot;: 42, # [Output Only] Count of VMs that got deleted during rollback.
        &quot;failedToCreateVmCount&quot;: 42, # [Output Only] Count of VMs that started creating but encountered an
            # error.
        &quot;status&quot;: &quot;A String&quot;, # [Output Only] Creation status of BulkInsert operation - information
            # if the flow is rolling forward or rolling back.
        &quot;targetVmCount&quot;: 42, # [Output Only] Count of VMs originally planned to be created.
      },
    },
  },
  &quot;kind&quot;: &quot;compute#operation&quot;, # [Output Only] Type of the resource. Always `compute#operation` for
      # Operation resources.
  &quot;name&quot;: &quot;A String&quot;, # [Output Only] Name of the operation.
  &quot;operationGroupId&quot;: &quot;A String&quot;, # [Output Only] An ID that represents a group of operations, such as when a
      # group of operations results from a `bulkInsert` API request.
  &quot;operationType&quot;: &quot;A String&quot;, # [Output Only] The type of operation, such as `insert`,
      # `update`, or `delete`, and so on.
  &quot;progress&quot;: 42, # [Output Only] An optional progress indicator that ranges from 0 to 100.
      # There is no requirement that this be linear or support any granularity of
      # operations. This should not be used to guess when the operation will be
      # complete. This number should monotonically increase as the operation
      # progresses.
  &quot;region&quot;: &quot;A String&quot;, # [Output Only] The URL of the region where the operation resides. Only
      # applicable when performing regional operations.
  &quot;selfLink&quot;: &quot;A String&quot;, # [Output Only] Server-defined URL for the resource.
  &quot;selfLinkWithId&quot;: &quot;A String&quot;, # [Output Only] Server-defined URL for this resource with the resource id.
  &quot;setCommonInstanceMetadataOperationMetadata&quot;: { # [Output Only] If the operation is for projects.setCommonInstanceMetadata,
      # this field will contain information on all underlying zonal actions and
      # their state.
    &quot;clientOperationId&quot;: &quot;A String&quot;, # [Output Only] The client operation id.
    &quot;perLocationOperations&quot;: { # [Output Only] Status information per location (location name is key).
        # Example key: zones/us-central1-a
      &quot;a_key&quot;: {
        &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # [Output Only] If state is `ABANDONED` or `FAILED`, this field is
            # populated.
            # different programming environments, including REST APIs and RPC APIs. It is
            # used by [gRPC](https://github.com/grpc). Each `Status` message contains
            # three pieces of data: error code, error message, and error details.
            #
            # You can find out more about this error model and how to work with it in the
            # [API Design Guide](https://cloud.google.com/apis/design/errors).
          &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
          &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
              # message types for APIs to use.
            {
              &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
            },
          ],
          &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
              # user-facing error message should be localized and sent in the
              # google.rpc.Status.details field, or localized by the client.
        },
        &quot;state&quot;: &quot;A String&quot;, # [Output Only] Status of the action, which can be one of the following:
            # `PROPAGATING`, `PROPAGATED`, `ABANDONED`, `FAILED`, or `DONE`.
      },
    },
  },
  &quot;startTime&quot;: &quot;A String&quot;, # [Output Only] The time that this operation was started by the server.
      # This value is inRFC3339
      # text format.
  &quot;status&quot;: &quot;A String&quot;, # [Output Only] The status of the operation, which can be one of the
      # following:
      # `PENDING`, `RUNNING`, or `DONE`.
  &quot;statusMessage&quot;: &quot;A String&quot;, # [Output Only] An optional textual description of the current status of the
      # operation.
  &quot;targetId&quot;: &quot;A String&quot;, # [Output Only] The unique target ID, which identifies a specific incarnation
      # of the target resource.
  &quot;targetLink&quot;: &quot;A String&quot;, # [Output Only] The URL of the resource that the operation modifies. For
      # operations related to creating a snapshot, this points to the disk
      # that the snapshot was created from.
  &quot;user&quot;: &quot;A String&quot;, # [Output Only] User who requested the operation, for example:
      # `user@example.com` or
      # `alice_smith_identifier (global/workforcePools/example-com-us-employees)`.
  &quot;warnings&quot;: [ # [Output Only] If warning messages are generated during processing of the
      # operation, this field will be populated.
    {
      &quot;code&quot;: &quot;A String&quot;, # [Output Only] A warning code, if applicable. For example, Compute
          # Engine returns NO_RESULTS_ON_PAGE if there
          # are no results in the response.
      &quot;data&quot;: [ # [Output Only] Metadata about this warning in key:
          # value format. For example:
          #
          # &quot;data&quot;: [
          #   {
          #    &quot;key&quot;: &quot;scope&quot;,
          #    &quot;value&quot;: &quot;zones/us-east1-d&quot;
          #   }
        {
          &quot;key&quot;: &quot;A String&quot;, # [Output Only] A key that provides more detail on the warning being
              # returned. For example, for warnings where there are no results in a list
              # request for a particular zone, this key might be scope and
              # the key value might be the zone name. Other examples might be a key
              # indicating a deprecated resource and a suggested replacement, or a
              # warning about invalid network settings (for example, if an instance
              # attempts to perform IP forwarding but is not enabled for IP forwarding).
          &quot;value&quot;: &quot;A String&quot;, # [Output Only] A warning data value corresponding to the key.
        },
      ],
      &quot;message&quot;: &quot;A String&quot;, # [Output Only] A human-readable description of the warning code.
    },
  ],
  &quot;zone&quot;: &quot;A String&quot;, # [Output Only] The URL of the zone where the operation resides. Only
      # applicable when performing per-zone operations.
}</pre>
</div>

<div class="method">
    <code class="details" id="get">get(project, interconnectAttachmentGroup, x__xgafv=None)</code>
  <pre>Returns the specified InterconnectAttachmentGroup resource in the given
scope.

Args:
  project: string, Project ID for this request. (required)
  interconnectAttachmentGroup: string, Name of the InterconnectAttachmentGroup resource to return. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # An interconnect attachment group resource allows customers to create,
    # analyze, and expand highly available deployments.
  &quot;attachments&quot;: { # Attachments in the AttachmentGroup. Keys are arbitrary user-specified
      # strings. Users are encouraged, but not required, to use their preferred
      # format for resource links as keys.
      # Note that there are add-members and remove-members methods in gcloud.
      # The size of this map is limited by an &quot;Attachments per group&quot; quota.
    &quot;a_key&quot;: { # An Attachment in this AttachmentGroup.
      &quot;attachment&quot;: &quot;A String&quot;,
    },
  },
  &quot;configured&quot;: { # [Output Only] The redundancy this group is configured to support. The way a
      # user queries what SLA their Attachment gets is by looking at this field of
      # the Attachment&#x27;s AttachmentGroup.
    &quot;availabilitySla&quot;: { # [Output Only] Which SLA this group is configured to support, and why this
        # group does or does not meet that SLA&#x27;s requirements.
      &quot;effectiveSla&quot;: &quot;A String&quot;,
      &quot;intendedSlaBlockers&quot;: [
        { # [Output Only] Reasons why configuration.availabilitySLA.sla differs from
            # intent.availabilitySLA. This list is empty if and only if those are the
            # same.
          &quot;attachments&quot;: [ # [Output Only] URLs of any particular Attachments to explain this
              # blocker in more detail.
            &quot;A String&quot;,
          ],
          &quot;blockerType&quot;: &quot;A String&quot;,
          &quot;documentationLink&quot;: &quot;A String&quot;, # [Output Only] The url of Google Cloud public documentation explaining
              # this requirement. This is set for every type of requirement.
          &quot;explanation&quot;: &quot;A String&quot;, # [Output Only] A human-readable explanation of this requirement and
              # why it&#x27;s not met. This is set for every type of requirement.
          &quot;metros&quot;: [ # [Output Only] Metros used to explain this blocker in more detail.
              # These are three-letter lowercase strings like &quot;iad&quot;. This will be set
              # for some blockers (like NO_ATTACHMENTS_IN_METRO_AND_ZONE) but does
              # not apply to others.
            &quot;A String&quot;,
          ],
          &quot;regions&quot;: [ # [Output Only] Regions used to explain this blocker in more
              # detail. These are region names formatted like &quot;us-central1&quot;. This
              # will be set for some blockers (like INCOMPATIBLE_REGIONS) but does
              # not apply to others.
            &quot;A String&quot;,
          ],
          &quot;zones&quot;: [ # [Output Only] Zones used to explain this blocker in more detail.
              # Format is &quot;zone1&quot; and/or &quot;zone2&quot;. This will be set for some blockers
              # (like  MISSING_ZONE) but does not apply to others.
            &quot;A String&quot;,
          ],
        },
      ],
    },
  },
  &quot;creationTimestamp&quot;: &quot;A String&quot;, # [Output Only] Creation timestamp inRFC3339
      # text format.
  &quot;description&quot;: &quot;A String&quot;, # An optional description of this resource. Provide this property when you
      # create the resource.
  &quot;etag&quot;: &quot;A String&quot;, # Opaque system-generated token that uniquely identifies the configuration.
      # If provided when patching a configuration in update mode, the provided
      # token must match the current token or the update is rejected. This provides
      # a reliable means of doing read-modify-write (optimistic locking) as
      # described byAIP 154.
  &quot;id&quot;: &quot;A String&quot;, # [Output Only] The unique identifier for the resource type. The server
      # generates this identifier.
  &quot;intent&quot;: { # The user&#x27;s intent for this AttachmentGroup. This is the only required field
      # besides the name that must be specified on group creation.
    &quot;availabilitySla&quot;: &quot;A String&quot;,
  },
  &quot;interconnectGroup&quot;: &quot;A String&quot;, # The URL of an InterconnectGroup that groups these Attachments&#x27;
      # Interconnects. Customers do not need to set this unless directed by
      # Google Support.
  &quot;kind&quot;: &quot;compute#interconnectAttachmentGroup&quot;, # [Output Only] Type of the resource. Always
      # compute#interconnectAttachmentGroup.
  &quot;logicalStructure&quot;: { # [Output Only] An analysis of the logical layout of Attachments in this
      # group. Every Attachment in the group is shown once in this structure.
    &quot;regions&quot;: [
      { # [Output Only] The regions Attachments in this group are in.
        &quot;metros&quot;: [
          { # [Output Only] The metros of Attachments in this group in this region.
            &quot;facilities&quot;: [
              { # [Output Only] The facilities used for this group&#x27;s Attachments&#x27;
                  # Interconnects.
                &quot;facility&quot;: &quot;A String&quot;, # [Output Only] The name of a facility, like &quot;iad-1234&quot;.
                &quot;zones&quot;: [
                  { # [Output Only] The zones that Attachments in this group are present
                      # in, in the given facilities.  This is inherited from their
                      # Interconnects.
                    &quot;attachments&quot;: [ # [Output Only] URLs of Attachments in the given zone, to the given
                        # region, on Interconnects in the given facility and metro. Every
                        # Attachment in the AG has such an entry.
                      &quot;A String&quot;,
                    ],
                    &quot;zone&quot;: &quot;A String&quot;, # [Output Only] The name of a zone, either &quot;zone1&quot; or &quot;zone2&quot;.
                  },
                ],
              },
            ],
            &quot;metro&quot;: &quot;A String&quot;, # [Output Only] The name of the metro, as a three-letter lowercase
                # string like &quot;iad&quot;. This is the first component of the location of an
                # Interconnect.
          },
        ],
        &quot;region&quot;: &quot;A String&quot;, # [Output Only] The name of a region, like &quot;us-central1&quot;.
      },
    ],
  },
  &quot;name&quot;: &quot;A String&quot;, # Name of the resource. Provided by the client when the resource is created.
      # The name must be 1-63 characters long, and comply withRFC1035.
      # Specifically, the name must be 1-63 characters long and match the regular
      # expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first
      # character must be a lowercase letter, and all following characters must
      # be a dash, lowercase letter, or digit, except the last character, which
      # cannot be a dash.
  &quot;selfLink&quot;: &quot;A String&quot;, # [Output Only] Server-defined URL for the resource.
}</pre>
</div>

<div class="method">
    <code class="details" id="getIamPolicy">getIamPolicy(project, resource, optionsRequestedPolicyVersion=None, x__xgafv=None)</code>
  <pre>Gets the access control policy for a resource. May be empty if no such
policy or resource exists.

Args:
  project: string, Project ID for this request. (required)
  resource: string, Name or id of the resource for this request. (required)
  optionsRequestedPolicyVersion: integer, Requested IAM Policy version.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # An Identity and Access Management (IAM) policy, which specifies access
    # controls for Google Cloud resources.
    #
    #
    # A `Policy` is a collection of `bindings`. A `binding` binds one or more
    # `members`, or principals, to a single `role`. Principals can be user
    # accounts, service accounts, Google groups, and domains (such as G Suite). A
    # `role` is a named list of permissions; each `role` can be an IAM predefined
    # role or a user-created custom role.
    #
    # For some types of Google Cloud resources, a `binding` can also specify a
    # `condition`, which is a logical expression that allows access to a resource
    # only if the expression evaluates to `true`. A condition can add constraints
    # based on attributes of the request, the resource, or both. To learn which
    # resources support conditions in their IAM policies, see the
    # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
    #
    # **JSON example:**
    #
    # ```
    #     {
    #       &quot;bindings&quot;: [
    #         {
    #           &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
    #           &quot;members&quot;: [
    #             &quot;user:mike@example.com&quot;,
    #             &quot;group:admins@example.com&quot;,
    #             &quot;domain:google.com&quot;,
    #             &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
    #           ]
    #         },
    #         {
    #           &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
    #           &quot;members&quot;: [
    #             &quot;user:eve@example.com&quot;
    #           ],
    #           &quot;condition&quot;: {
    #             &quot;title&quot;: &quot;expirable access&quot;,
    #             &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
    #             &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
    #           }
    #         }
    #       ],
    #       &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
    #       &quot;version&quot;: 3
    #     }
    # ```
    #
    # **YAML example:**
    #
    # ```
    #     bindings:
    #     - members:
    #       - user:mike@example.com
    #       - group:admins@example.com
    #       - domain:google.com
    #       - serviceAccount:my-project-id@appspot.gserviceaccount.com
    #       role: roles/resourcemanager.organizationAdmin
    #     - members:
    #       - user:eve@example.com
    #       role: roles/resourcemanager.organizationViewer
    #       condition:
    #         title: expirable access
    #         description: Does not grant access after Sep 2020
    #         expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
    #     etag: BwWWja0YfJA=
    #     version: 3
    # ```
    #
    # For a description of IAM and its features, see the
    # [IAM documentation](https://cloud.google.com/iam/docs/).
  &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
    { # Specifies the audit configuration for a service.
        # The configuration determines which permission types are logged, and what
        # identities, if any, are exempted from logging.
        # An AuditConfig must have one or more AuditLogConfigs.
        #
        # If there are AuditConfigs for both `allServices` and a specific service,
        # the union of the two AuditConfigs is used for that service: the log_types
        # specified in each AuditConfig are enabled, and the exempted_members in each
        # AuditLogConfig are exempted.
        #
        # Example Policy with multiple AuditConfigs:
        #
        #     {
        #       &quot;audit_configs&quot;: [
        #         {
        #           &quot;service&quot;: &quot;allServices&quot;,
        #           &quot;audit_log_configs&quot;: [
        #             {
        #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
        #               &quot;exempted_members&quot;: [
        #                 &quot;user:jose@example.com&quot;
        #               ]
        #             },
        #             {
        #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;
        #             },
        #             {
        #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;
        #             }
        #           ]
        #         },
        #         {
        #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;,
        #           &quot;audit_log_configs&quot;: [
        #             {
        #               &quot;log_type&quot;: &quot;DATA_READ&quot;
        #             },
        #             {
        #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
        #               &quot;exempted_members&quot;: [
        #                 &quot;user:aliya@example.com&quot;
        #               ]
        #             }
        #           ]
        #         }
        #       ]
        #     }
        #
        # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
        # logging. It also exempts `jose@example.com` from DATA_READ logging, and
        # `aliya@example.com` from DATA_WRITE logging.
      &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
        { # Provides the configuration for logging a type of permissions.
            # Example:
            #
            #     {
            #       &quot;audit_log_configs&quot;: [
            #         {
            #           &quot;log_type&quot;: &quot;DATA_READ&quot;,
            #           &quot;exempted_members&quot;: [
            #             &quot;user:jose@example.com&quot;
            #           ]
            #         },
            #         {
            #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;
            #         }
            #       ]
            #     }
            #
            # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
            # jose@example.com from DATA_READ logging.
          &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
              # permission.
              # Follows the same format of Binding.members.
            &quot;A String&quot;,
          ],
          &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
        },
      ],
      &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
          # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
          # `allServices` is a special value that covers all services.
    },
  ],
  &quot;bindings&quot;: [ # Associates a list of `members`, or principals, with a `role`. Optionally,
      # may specify a `condition` that determines how and when the `bindings` are
      # applied. Each of the `bindings` must contain at least one principal.
      #
      # The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
      # of these principals can be Google groups. Each occurrence of a principal
      # counts towards these limits. For example, if the `bindings` grant 50
      # different roles to `user:alice@example.com`, and not to any other
      # principal, then you can add another 1,450 principals to the `bindings` in
      # the `Policy`.
    { # Associates `members`, or principals, with a `role`.
      &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
          #
          # If the condition evaluates to `true`, then this binding applies to the
          # current request.
          #
          # If the condition evaluates to `false`, then this binding does not apply to
          # the current request. However, a different role binding might grant the same
          # role to one or more of the principals in this binding.
          #
          # To learn which resources support conditions in their IAM policies, see the
          # [IAM
          # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
          # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
          # are documented at https://github.com/google/cel-spec.
          #
          # Example (Comparison):
          #
          #     title: &quot;Summary size limit&quot;
          #     description: &quot;Determines if a summary is less than 100 chars&quot;
          #     expression: &quot;document.summary.size() &lt; 100&quot;
          #
          # Example (Equality):
          #
          #     title: &quot;Requestor is owner&quot;
          #     description: &quot;Determines if requestor is the document owner&quot;
          #     expression: &quot;document.owner == request.auth.claims.email&quot;
          #
          # Example (Logic):
          #
          #     title: &quot;Public documents&quot;
          #     description: &quot;Determine whether the document should be publicly visible&quot;
          #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
          #
          # Example (Data Manipulation):
          #
          #     title: &quot;Notification string&quot;
          #     description: &quot;Create a notification string with a timestamp.&quot;
          #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
          #
          # The exact variables and functions that may be referenced within an expression
          # are determined by the service that evaluates it. See the service
          # documentation for additional information.
        &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
            # describes the expression, e.g. when hovered over it in a UI.
        &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
            # syntax.
        &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
            # reporting, e.g. a file name and a position in the file.
        &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
            # its purpose. This can be used e.g. in UIs which allow to enter the
            # expression.
      },
      &quot;members&quot;: [ # Specifies the principals requesting access for a Google Cloud resource.
          # `members` can have the following values:
          #
          # * `allUsers`: A special identifier that represents anyone who is
          #    on the internet; with or without a Google account.
          #
          # * `allAuthenticatedUsers`: A special identifier that represents anyone
          #    who is authenticated with a Google account or a service account.
          #    Does not include identities that come from external identity providers
          #    (IdPs) through identity federation.
          #
          # * `user:{emailid}`: An email address that represents a specific Google
          #    account. For example, `alice@example.com` .
          #
          #
          # * `serviceAccount:{emailid}`: An email address that represents a Google
          #    service account. For example,
          #    `my-other-app@appspot.gserviceaccount.com`.
          #
          # * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An
          #    identifier for a
          #    [Kubernetes service
          #    account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
          #    For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
          #
          # * `group:{emailid}`: An email address that represents a Google group.
          #    For example, `admins@example.com`.
          #
          #
          # * `domain:{domain}`: The G Suite domain (primary) that represents all the
          #    users of that domain. For example, `google.com` or `example.com`.
          #
          #
          #
          #
          # * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
          #   A single identity in a workforce identity pool.
          #
          # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
          #   All workforce identities in a group.
          #
          # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`:
          #   All workforce identities with a specific attribute value.
          #
          # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`:
          #   All identities in a workforce identity pool.
          #
          # * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`:
          #   A single identity in a workload identity pool.
          #
          # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`:
          #   A workload identity pool group.
          #
          # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`:
          #   All identities in a workload identity pool with a certain attribute.
          #
          # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`:
          #   All identities in a workload identity pool.
          #
          # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
          #    identifier) representing a user that has been recently deleted. For
          #    example, `alice@example.com?uid=123456789012345678901`. If the user is
          #    recovered, this value reverts to `user:{emailid}` and the recovered user
          #    retains the role in the binding.
          #
          # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
          #    unique identifier) representing a service account that has been recently
          #    deleted. For example,
          #    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
          #    If the service account is undeleted, this value reverts to
          #    `serviceAccount:{emailid}` and the undeleted service account retains the
          #    role in the binding.
          #
          # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
          #    identifier) representing a Google group that has been recently
          #    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
          #    the group is recovered, this value reverts to `group:{emailid}` and the
          #    recovered group retains the role in the binding.
          #
          # * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
          #   Deleted single identity in a workforce identity pool. For example,
          #   `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
        &quot;A String&quot;,
      ],
      &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to the list of `members`, or principals.
          # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
          #
          # For an overview of the IAM roles and permissions, see the
          # [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For
          # a list of the available pre-defined roles, see
          # [here](https://cloud.google.com/iam/docs/understanding-roles).
    },
  ],
  &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
      # prevent simultaneous updates of a policy from overwriting each other.
      # It is strongly suggested that systems make use of the `etag` in the
      # read-modify-write cycle to perform policy updates in order to avoid race
      # conditions: An `etag` is returned in the response to `getIamPolicy`, and
      # systems are expected to put that etag in the request to `setIamPolicy` to
      # ensure that their change will be applied to the same version of the policy.
      #
      # **Important:** If you use IAM Conditions, you must include the `etag` field
      # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
      # you to overwrite a version `3` policy with a version `1` policy, and all of
      # the conditions in the version `3` policy are lost.
  &quot;version&quot;: 42, # Specifies the format of the policy.
      #
      # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
      # are rejected.
      #
      # Any operation that affects conditional role bindings must specify version
      # `3`. This requirement applies to the following operations:
      #
      # * Getting a policy that includes a conditional role binding
      # * Adding a conditional role binding to a policy
      # * Changing a conditional role binding in a policy
      # * Removing any role binding, with or without a condition, from a policy
      #   that includes conditions
      #
      # **Important:** If you use IAM Conditions, you must include the `etag` field
      # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
      # you to overwrite a version `3` policy with a version `1` policy, and all of
      # the conditions in the version `3` policy are lost.
      #
      # If a policy does not include any conditions, operations on that policy may
      # specify any valid version or leave the field unset.
      #
      # To learn which resources support conditions in their IAM policies, see the
      # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
}</pre>
</div>

<div class="method">
    <code class="details" id="getOperationalStatus">getOperationalStatus(project, interconnectAttachmentGroup, x__xgafv=None)</code>
  <pre>Returns the InterconnectAttachmentStatuses for the specified
InterconnectAttachmentGroup resource.

Args:
  project: string, Project ID for this request. (required)
  interconnectAttachmentGroup: string, Name of the interconnectAttachmentGroup resource to query. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response for the InterconnectAttachmentGroupsGetOperationalStatusResponse.
  &quot;etag&quot;: &quot;A String&quot;,
  &quot;result&quot;: {
    &quot;attachmentStatuses&quot;: [
      { # The status of one Attachment in the group. List order is arbitrary.
        &quot;adminEnabled&quot;: True or False, # Whether this Attachment is enabled. This becomes false when the customer
            # drains their Attachment.
        &quot;attachment&quot;: &quot;A String&quot;, # The URL of the Attachment being described.
        &quot;isActive&quot;: &quot;A String&quot;, # Whether this Attachment is participating in the redundant configuration.
            # This will be ACTIVE if and only if the status below is CONNECTION_UP.
            # Any INACTIVE Attachments are excluded from the analysis that generates
            # operational.availabilitySLA.
        &quot;status&quot;: &quot;A String&quot;, # Whether this Attachment is active, and if so, whether BGP is up.
      },
    ],
    &quot;configured&quot;: { # [Output Only] The redundancy this group is configured to support. The way a
        # user queries what SLA their Attachment gets is by looking at this field of
        # the Attachment&#x27;s AttachmentGroup.
      &quot;availabilitySla&quot;: { # [Output Only] Which SLA this group is configured to support, and why this
          # group does or does not meet that SLA&#x27;s requirements.
        &quot;effectiveSla&quot;: &quot;A String&quot;,
        &quot;intendedSlaBlockers&quot;: [
          { # [Output Only] Reasons why configuration.availabilitySLA.sla differs from
              # intent.availabilitySLA. This list is empty if and only if those are the
              # same.
            &quot;attachments&quot;: [ # [Output Only] URLs of any particular Attachments to explain this
                # blocker in more detail.
              &quot;A String&quot;,
            ],
            &quot;blockerType&quot;: &quot;A String&quot;,
            &quot;documentationLink&quot;: &quot;A String&quot;, # [Output Only] The url of Google Cloud public documentation explaining
                # this requirement. This is set for every type of requirement.
            &quot;explanation&quot;: &quot;A String&quot;, # [Output Only] A human-readable explanation of this requirement and
                # why it&#x27;s not met. This is set for every type of requirement.
            &quot;metros&quot;: [ # [Output Only] Metros used to explain this blocker in more detail.
                # These are three-letter lowercase strings like &quot;iad&quot;. This will be set
                # for some blockers (like NO_ATTACHMENTS_IN_METRO_AND_ZONE) but does
                # not apply to others.
              &quot;A String&quot;,
            ],
            &quot;regions&quot;: [ # [Output Only] Regions used to explain this blocker in more
                # detail. These are region names formatted like &quot;us-central1&quot;. This
                # will be set for some blockers (like INCOMPATIBLE_REGIONS) but does
                # not apply to others.
              &quot;A String&quot;,
            ],
            &quot;zones&quot;: [ # [Output Only] Zones used to explain this blocker in more detail.
                # Format is &quot;zone1&quot; and/or &quot;zone2&quot;. This will be set for some blockers
                # (like  MISSING_ZONE) but does not apply to others.
              &quot;A String&quot;,
            ],
          },
        ],
      },
    },
    &quot;groupStatus&quot;: &quot;A String&quot;, # Summarizes the status of the group.
    &quot;intent&quot;: { # The user&#x27;s intent for this AttachmentGroup. This is the only required field
        # besides the name that must be specified on group creation.
      &quot;availabilitySla&quot;: &quot;A String&quot;,
    },
    &quot;operational&quot;: { # [Output Only] The redundancy this group is configured to support. The way a # The operational state of the group, including only active Attachments.
        # user queries what SLA their Attachment gets is by looking at this field of
        # the Attachment&#x27;s AttachmentGroup.
      &quot;availabilitySla&quot;: { # [Output Only] Which SLA this group is configured to support, and why this
          # group does or does not meet that SLA&#x27;s requirements.
        &quot;effectiveSla&quot;: &quot;A String&quot;,
        &quot;intendedSlaBlockers&quot;: [
          { # [Output Only] Reasons why configuration.availabilitySLA.sla differs from
              # intent.availabilitySLA. This list is empty if and only if those are the
              # same.
            &quot;attachments&quot;: [ # [Output Only] URLs of any particular Attachments to explain this
                # blocker in more detail.
              &quot;A String&quot;,
            ],
            &quot;blockerType&quot;: &quot;A String&quot;,
            &quot;documentationLink&quot;: &quot;A String&quot;, # [Output Only] The url of Google Cloud public documentation explaining
                # this requirement. This is set for every type of requirement.
            &quot;explanation&quot;: &quot;A String&quot;, # [Output Only] A human-readable explanation of this requirement and
                # why it&#x27;s not met. This is set for every type of requirement.
            &quot;metros&quot;: [ # [Output Only] Metros used to explain this blocker in more detail.
                # These are three-letter lowercase strings like &quot;iad&quot;. This will be set
                # for some blockers (like NO_ATTACHMENTS_IN_METRO_AND_ZONE) but does
                # not apply to others.
              &quot;A String&quot;,
            ],
            &quot;regions&quot;: [ # [Output Only] Regions used to explain this blocker in more
                # detail. These are region names formatted like &quot;us-central1&quot;. This
                # will be set for some blockers (like INCOMPATIBLE_REGIONS) but does
                # not apply to others.
              &quot;A String&quot;,
            ],
            &quot;zones&quot;: [ # [Output Only] Zones used to explain this blocker in more detail.
                # Format is &quot;zone1&quot; and/or &quot;zone2&quot;. This will be set for some blockers
                # (like  MISSING_ZONE) but does not apply to others.
              &quot;A String&quot;,
            ],
          },
        ],
      },
    },
  },
}</pre>
</div>

<div class="method">
    <code class="details" id="insert">insert(project, body=None, requestId=None, x__xgafv=None)</code>
  <pre>Creates a InterconnectAttachmentGroup in the specified project in the given
scope using the parameters that are included in the request.

Args:
  project: string, Project ID for this request. (required)
  body: object, The request body.
    The object takes the form of:

{ # An interconnect attachment group resource allows customers to create,
    # analyze, and expand highly available deployments.
  &quot;attachments&quot;: { # Attachments in the AttachmentGroup. Keys are arbitrary user-specified
      # strings. Users are encouraged, but not required, to use their preferred
      # format for resource links as keys.
      # Note that there are add-members and remove-members methods in gcloud.
      # The size of this map is limited by an &quot;Attachments per group&quot; quota.
    &quot;a_key&quot;: { # An Attachment in this AttachmentGroup.
      &quot;attachment&quot;: &quot;A String&quot;,
    },
  },
  &quot;configured&quot;: { # [Output Only] The redundancy this group is configured to support. The way a
      # user queries what SLA their Attachment gets is by looking at this field of
      # the Attachment&#x27;s AttachmentGroup.
    &quot;availabilitySla&quot;: { # [Output Only] Which SLA this group is configured to support, and why this
        # group does or does not meet that SLA&#x27;s requirements.
      &quot;effectiveSla&quot;: &quot;A String&quot;,
      &quot;intendedSlaBlockers&quot;: [
        { # [Output Only] Reasons why configuration.availabilitySLA.sla differs from
            # intent.availabilitySLA. This list is empty if and only if those are the
            # same.
          &quot;attachments&quot;: [ # [Output Only] URLs of any particular Attachments to explain this
              # blocker in more detail.
            &quot;A String&quot;,
          ],
          &quot;blockerType&quot;: &quot;A String&quot;,
          &quot;documentationLink&quot;: &quot;A String&quot;, # [Output Only] The url of Google Cloud public documentation explaining
              # this requirement. This is set for every type of requirement.
          &quot;explanation&quot;: &quot;A String&quot;, # [Output Only] A human-readable explanation of this requirement and
              # why it&#x27;s not met. This is set for every type of requirement.
          &quot;metros&quot;: [ # [Output Only] Metros used to explain this blocker in more detail.
              # These are three-letter lowercase strings like &quot;iad&quot;. This will be set
              # for some blockers (like NO_ATTACHMENTS_IN_METRO_AND_ZONE) but does
              # not apply to others.
            &quot;A String&quot;,
          ],
          &quot;regions&quot;: [ # [Output Only] Regions used to explain this blocker in more
              # detail. These are region names formatted like &quot;us-central1&quot;. This
              # will be set for some blockers (like INCOMPATIBLE_REGIONS) but does
              # not apply to others.
            &quot;A String&quot;,
          ],
          &quot;zones&quot;: [ # [Output Only] Zones used to explain this blocker in more detail.
              # Format is &quot;zone1&quot; and/or &quot;zone2&quot;. This will be set for some blockers
              # (like  MISSING_ZONE) but does not apply to others.
            &quot;A String&quot;,
          ],
        },
      ],
    },
  },
  &quot;creationTimestamp&quot;: &quot;A String&quot;, # [Output Only] Creation timestamp inRFC3339
      # text format.
  &quot;description&quot;: &quot;A String&quot;, # An optional description of this resource. Provide this property when you
      # create the resource.
  &quot;etag&quot;: &quot;A String&quot;, # Opaque system-generated token that uniquely identifies the configuration.
      # If provided when patching a configuration in update mode, the provided
      # token must match the current token or the update is rejected. This provides
      # a reliable means of doing read-modify-write (optimistic locking) as
      # described byAIP 154.
  &quot;id&quot;: &quot;A String&quot;, # [Output Only] The unique identifier for the resource type. The server
      # generates this identifier.
  &quot;intent&quot;: { # The user&#x27;s intent for this AttachmentGroup. This is the only required field
      # besides the name that must be specified on group creation.
    &quot;availabilitySla&quot;: &quot;A String&quot;,
  },
  &quot;interconnectGroup&quot;: &quot;A String&quot;, # The URL of an InterconnectGroup that groups these Attachments&#x27;
      # Interconnects. Customers do not need to set this unless directed by
      # Google Support.
  &quot;kind&quot;: &quot;compute#interconnectAttachmentGroup&quot;, # [Output Only] Type of the resource. Always
      # compute#interconnectAttachmentGroup.
  &quot;logicalStructure&quot;: { # [Output Only] An analysis of the logical layout of Attachments in this
      # group. Every Attachment in the group is shown once in this structure.
    &quot;regions&quot;: [
      { # [Output Only] The regions Attachments in this group are in.
        &quot;metros&quot;: [
          { # [Output Only] The metros of Attachments in this group in this region.
            &quot;facilities&quot;: [
              { # [Output Only] The facilities used for this group&#x27;s Attachments&#x27;
                  # Interconnects.
                &quot;facility&quot;: &quot;A String&quot;, # [Output Only] The name of a facility, like &quot;iad-1234&quot;.
                &quot;zones&quot;: [
                  { # [Output Only] The zones that Attachments in this group are present
                      # in, in the given facilities.  This is inherited from their
                      # Interconnects.
                    &quot;attachments&quot;: [ # [Output Only] URLs of Attachments in the given zone, to the given
                        # region, on Interconnects in the given facility and metro. Every
                        # Attachment in the AG has such an entry.
                      &quot;A String&quot;,
                    ],
                    &quot;zone&quot;: &quot;A String&quot;, # [Output Only] The name of a zone, either &quot;zone1&quot; or &quot;zone2&quot;.
                  },
                ],
              },
            ],
            &quot;metro&quot;: &quot;A String&quot;, # [Output Only] The name of the metro, as a three-letter lowercase
                # string like &quot;iad&quot;. This is the first component of the location of an
                # Interconnect.
          },
        ],
        &quot;region&quot;: &quot;A String&quot;, # [Output Only] The name of a region, like &quot;us-central1&quot;.
      },
    ],
  },
  &quot;name&quot;: &quot;A String&quot;, # Name of the resource. Provided by the client when the resource is created.
      # The name must be 1-63 characters long, and comply withRFC1035.
      # Specifically, the name must be 1-63 characters long and match the regular
      # expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first
      # character must be a lowercase letter, and all following characters must
      # be a dash, lowercase letter, or digit, except the last character, which
      # cannot be a dash.
  &quot;selfLink&quot;: &quot;A String&quot;, # [Output Only] Server-defined URL for the resource.
}

  requestId: string, An optional request ID to identify requests. Specify a unique request ID so
that if you must retry your request, the server will know to ignore the
request if it has already been completed.

For example, consider a situation where you make an initial request and
the request times out. If you make the request again with the same
request ID, the server can check if original operation with the same
request ID was received, and if so, will ignore the second request. This
prevents clients from accidentally creating duplicate commitments.

The request ID must be
a valid UUID with the exception that zero UUID is not supported
(00000000-0000-0000-0000-000000000000).
end_interface: MixerMutationRequestBuilder
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Represents an Operation resource.
    #
    # Google Compute Engine has three Operation resources:
    #
    # * [Global](/compute/docs/reference/rest/alpha/globalOperations)
    # * [Regional](/compute/docs/reference/rest/alpha/regionOperations)
    # * [Zonal](/compute/docs/reference/rest/alpha/zoneOperations)
    #
    # You can use an operation resource to manage asynchronous API requests.
    # For more information, readHandling
    # API responses.
    #
    # Operations can be global, regional or zonal.
    #
    #    - For global operations, use the `globalOperations`
    #    resource.
    #    - For regional operations, use the
    #    `regionOperations` resource.
    #    - For zonal operations, use
    #    the `zoneOperations` resource.
    #
    #
    #
    # For more information, read
    # Global, Regional, and Zonal Resources.
    #
    # Note that completed Operation resources have a limited
    # retention period.
  &quot;clientOperationId&quot;: &quot;A String&quot;, # [Output Only] The value of `requestId` if you provided it in the request.
      # Not present otherwise.
  &quot;creationTimestamp&quot;: &quot;A String&quot;, # [Deprecated] This field is deprecated.
  &quot;description&quot;: &quot;A String&quot;, # [Output Only] A textual description of the operation, which is
      # set when the operation is created.
  &quot;endTime&quot;: &quot;A String&quot;, # [Output Only] The time that this operation was completed. This value is inRFC3339
      # text format.
  &quot;error&quot;: { # [Output Only] If errors are generated during processing of the operation,
      # this field will be populated.
    &quot;errors&quot;: [ # [Output Only] The array of errors encountered while processing this
        # operation.
      {
        &quot;code&quot;: &quot;A String&quot;, # [Output Only] The error type identifier for this error.
        &quot;errorDetails&quot;: [ # [Output Only] An optional list of messages that contain the error
            # details. There is a set of defined message types to use for providing
            # details.The syntax depends on the error code. For example,
            # QuotaExceededInfo will have details when the error code is
            # QUOTA_EXCEEDED.
          {
            &quot;errorInfo&quot;: { # Describes the cause of the error with structured details.
                #
                # Example of an error when contacting the &quot;pubsub.googleapis.com&quot; API when it
                # is not enabled:
                #
                #     { &quot;reason&quot;: &quot;API_DISABLED&quot;
                #       &quot;domain&quot;: &quot;googleapis.com&quot;
                #       &quot;metadata&quot;: {
                #         &quot;resource&quot;: &quot;projects/123&quot;,
                #         &quot;service&quot;: &quot;pubsub.googleapis.com&quot;
                #       }
                #     }
                #
                # This response indicates that the pubsub.googleapis.com API is not enabled.
                #
                # Example of an error that is returned when attempting to create a Spanner
                # instance in a region that is out of stock:
                #
                #     { &quot;reason&quot;: &quot;STOCKOUT&quot;
                #       &quot;domain&quot;: &quot;spanner.googleapis.com&quot;,
                #       &quot;metadata&quot;: {
                #         &quot;availableRegions&quot;: &quot;us-central1,us-east2&quot;
                #       }
                #     }
              &quot;domain&quot;: &quot;A String&quot;, # The logical grouping to which the &quot;reason&quot; belongs. The error domain
                  # is typically the registered service name of the tool or product that
                  # generates the error. Example: &quot;pubsub.googleapis.com&quot;. If the error is
                  # generated by some common infrastructure, the error domain must be a
                  # globally unique value that identifies the infrastructure. For Google API
                  # infrastructure, the error domain is &quot;googleapis.com&quot;.
              &quot;metadatas&quot;: { # Additional structured details about this error.
                  #
                  # Keys must match a regular expression of `a-z+` but should
                  # ideally be lowerCamelCase. Also, they must be limited to 64 characters in
                  # length. When identifying the current value of an exceeded limit, the units
                  # should be contained in the key, not the value.  For example, rather than
                  # `{&quot;instanceLimit&quot;: &quot;100/request&quot;}`, should be returned as,
                  # `{&quot;instanceLimitPerRequest&quot;: &quot;100&quot;}`, if the client exceeds the number of
                  # instances that can be created in a single (batch) request.
                &quot;a_key&quot;: &quot;A String&quot;,
              },
              &quot;reason&quot;: &quot;A String&quot;, # The reason of the error. This is a constant value that identifies the
                  # proximate cause of the error. Error reasons are unique within a particular
                  # domain of errors. This should be at most 63 characters and match a
                  # regular expression of `A-Z+[A-Z0-9]`, which represents
                  # UPPER_SNAKE_CASE.
            },
            &quot;help&quot;: { # Provides links to documentation or for performing an out of band action.
                #
                # For example, if a quota check failed with an error indicating the calling
                # project hasn&#x27;t enabled the accessed service, this can contain a URL pointing
                # directly to the right place in the developer console to flip the bit.
              &quot;links&quot;: [ # URL(s) pointing to additional information on handling the current error.
                { # Describes a URL link.
                  &quot;description&quot;: &quot;A String&quot;, # Describes what the link offers.
                  &quot;url&quot;: &quot;A String&quot;, # The URL of the link.
                },
              ],
            },
            &quot;localizedMessage&quot;: { # Provides a localized error message that is safe to return to the user
                # which can be attached to an RPC error.
              &quot;locale&quot;: &quot;A String&quot;, # The locale used following the specification defined at
                  # https://www.rfc-editor.org/rfc/bcp/bcp47.txt.
                  # Examples are: &quot;en-US&quot;, &quot;fr-CH&quot;, &quot;es-MX&quot;
              &quot;message&quot;: &quot;A String&quot;, # The localized error message in the above locale.
            },
            &quot;quotaInfo&quot;: { # Additional details for quota exceeded error for resource quota.
              &quot;dimensions&quot;: { # The map holding related quota dimensions.
                &quot;a_key&quot;: &quot;A String&quot;,
              },
              &quot;futureLimit&quot;: 3.14, # Future quota limit being rolled out. The limit&#x27;s unit depends on the quota
                  #  type or metric.
              &quot;limit&quot;: 3.14, # Current effective quota limit. The limit&#x27;s unit depends on the quota type
                  # or metric.
              &quot;limitName&quot;: &quot;A String&quot;, # The name of the quota limit.
              &quot;metricName&quot;: &quot;A String&quot;, # The Compute Engine quota metric name.
              &quot;rolloutStatus&quot;: &quot;A String&quot;, # Rollout status of the future quota limit.
            },
          },
        ],
        &quot;location&quot;: &quot;A String&quot;, # [Output Only] Indicates the field in the request that caused the error.
            # This property is optional.
        &quot;message&quot;: &quot;A String&quot;, # [Output Only] An optional, human-readable error message.
      },
    ],
  },
  &quot;httpErrorMessage&quot;: &quot;A String&quot;, # [Output Only] If the operation fails, this field contains the HTTP error
      # message that was returned, such as `NOT FOUND`.
  &quot;httpErrorStatusCode&quot;: 42, # [Output Only] If the operation fails, this field contains the HTTP error
      # status code that was returned. For example, a `404` means the
      # resource was not found.
  &quot;id&quot;: &quot;A String&quot;, # [Output Only] The unique identifier for the operation. This identifier is
      # defined by the server.
  &quot;insertTime&quot;: &quot;A String&quot;, # [Output Only] The time that this operation was requested.
      # This value is inRFC3339
      # text format.
  &quot;instancesBulkInsertOperationMetadata&quot;: {
    &quot;perLocationStatus&quot;: { # Status information per location (location name is key).
        # Example key: zones/us-central1-a
      &quot;a_key&quot;: {
        &quot;createdVmCount&quot;: 42, # [Output Only] Count of VMs successfully created so far.
        &quot;deletedVmCount&quot;: 42, # [Output Only] Count of VMs that got deleted during rollback.
        &quot;failedToCreateVmCount&quot;: 42, # [Output Only] Count of VMs that started creating but encountered an
            # error.
        &quot;status&quot;: &quot;A String&quot;, # [Output Only] Creation status of BulkInsert operation - information
            # if the flow is rolling forward or rolling back.
        &quot;targetVmCount&quot;: 42, # [Output Only] Count of VMs originally planned to be created.
      },
    },
  },
  &quot;kind&quot;: &quot;compute#operation&quot;, # [Output Only] Type of the resource. Always `compute#operation` for
      # Operation resources.
  &quot;name&quot;: &quot;A String&quot;, # [Output Only] Name of the operation.
  &quot;operationGroupId&quot;: &quot;A String&quot;, # [Output Only] An ID that represents a group of operations, such as when a
      # group of operations results from a `bulkInsert` API request.
  &quot;operationType&quot;: &quot;A String&quot;, # [Output Only] The type of operation, such as `insert`,
      # `update`, or `delete`, and so on.
  &quot;progress&quot;: 42, # [Output Only] An optional progress indicator that ranges from 0 to 100.
      # There is no requirement that this be linear or support any granularity of
      # operations. This should not be used to guess when the operation will be
      # complete. This number should monotonically increase as the operation
      # progresses.
  &quot;region&quot;: &quot;A String&quot;, # [Output Only] The URL of the region where the operation resides. Only
      # applicable when performing regional operations.
  &quot;selfLink&quot;: &quot;A String&quot;, # [Output Only] Server-defined URL for the resource.
  &quot;selfLinkWithId&quot;: &quot;A String&quot;, # [Output Only] Server-defined URL for this resource with the resource id.
  &quot;setCommonInstanceMetadataOperationMetadata&quot;: { # [Output Only] If the operation is for projects.setCommonInstanceMetadata,
      # this field will contain information on all underlying zonal actions and
      # their state.
    &quot;clientOperationId&quot;: &quot;A String&quot;, # [Output Only] The client operation id.
    &quot;perLocationOperations&quot;: { # [Output Only] Status information per location (location name is key).
        # Example key: zones/us-central1-a
      &quot;a_key&quot;: {
        &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # [Output Only] If state is `ABANDONED` or `FAILED`, this field is
            # populated.
            # different programming environments, including REST APIs and RPC APIs. It is
            # used by [gRPC](https://github.com/grpc). Each `Status` message contains
            # three pieces of data: error code, error message, and error details.
            #
            # You can find out more about this error model and how to work with it in the
            # [API Design Guide](https://cloud.google.com/apis/design/errors).
          &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
          &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
              # message types for APIs to use.
            {
              &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
            },
          ],
          &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
              # user-facing error message should be localized and sent in the
              # google.rpc.Status.details field, or localized by the client.
        },
        &quot;state&quot;: &quot;A String&quot;, # [Output Only] Status of the action, which can be one of the following:
            # `PROPAGATING`, `PROPAGATED`, `ABANDONED`, `FAILED`, or `DONE`.
      },
    },
  },
  &quot;startTime&quot;: &quot;A String&quot;, # [Output Only] The time that this operation was started by the server.
      # This value is inRFC3339
      # text format.
  &quot;status&quot;: &quot;A String&quot;, # [Output Only] The status of the operation, which can be one of the
      # following:
      # `PENDING`, `RUNNING`, or `DONE`.
  &quot;statusMessage&quot;: &quot;A String&quot;, # [Output Only] An optional textual description of the current status of the
      # operation.
  &quot;targetId&quot;: &quot;A String&quot;, # [Output Only] The unique target ID, which identifies a specific incarnation
      # of the target resource.
  &quot;targetLink&quot;: &quot;A String&quot;, # [Output Only] The URL of the resource that the operation modifies. For
      # operations related to creating a snapshot, this points to the disk
      # that the snapshot was created from.
  &quot;user&quot;: &quot;A String&quot;, # [Output Only] User who requested the operation, for example:
      # `user@example.com` or
      # `alice_smith_identifier (global/workforcePools/example-com-us-employees)`.
  &quot;warnings&quot;: [ # [Output Only] If warning messages are generated during processing of the
      # operation, this field will be populated.
    {
      &quot;code&quot;: &quot;A String&quot;, # [Output Only] A warning code, if applicable. For example, Compute
          # Engine returns NO_RESULTS_ON_PAGE if there
          # are no results in the response.
      &quot;data&quot;: [ # [Output Only] Metadata about this warning in key:
          # value format. For example:
          #
          # &quot;data&quot;: [
          #   {
          #    &quot;key&quot;: &quot;scope&quot;,
          #    &quot;value&quot;: &quot;zones/us-east1-d&quot;
          #   }
        {
          &quot;key&quot;: &quot;A String&quot;, # [Output Only] A key that provides more detail on the warning being
              # returned. For example, for warnings where there are no results in a list
              # request for a particular zone, this key might be scope and
              # the key value might be the zone name. Other examples might be a key
              # indicating a deprecated resource and a suggested replacement, or a
              # warning about invalid network settings (for example, if an instance
              # attempts to perform IP forwarding but is not enabled for IP forwarding).
          &quot;value&quot;: &quot;A String&quot;, # [Output Only] A warning data value corresponding to the key.
        },
      ],
      &quot;message&quot;: &quot;A String&quot;, # [Output Only] A human-readable description of the warning code.
    },
  ],
  &quot;zone&quot;: &quot;A String&quot;, # [Output Only] The URL of the zone where the operation resides. Only
      # applicable when performing per-zone operations.
}</pre>
</div>

<div class="method">
    <code class="details" id="list">list(project, filter=None, maxResults=None, orderBy=None, pageToken=None, returnPartialSuccess=None, x__xgafv=None)</code>
  <pre>Lists the InterconnectAttachmentGroups for a project in the given scope.

Args:
  project: string, Project ID for this request. (required)
  filter: string, A filter expression that filters resources listed in the response. Most
Compute resources support two types of filter expressions:
expressions that support regular expressions and expressions that follow
API improvement proposal AIP-160.
These two types of filter expressions cannot be mixed in one request.

If you want to use AIP-160, your expression must specify the field name, an
operator, and the value that you want to use for filtering. The value
must be a string, a number, or a boolean. The operator
must be either `=`, `!=`, `&gt;`, `&lt;`, `&lt;=`, `&gt;=` or `:`.

For example, if you are filtering Compute Engine instances, you can
exclude instances named `example-instance` by specifying
`name != example-instance`.

The `:*` comparison can be used to test whether a key has been defined.
For example, to find all objects with `owner` label use:
```
labels.owner:*
```

You can also filter nested fields. For example, you could specify
`scheduling.automaticRestart = false` to include instances only
if they are not scheduled for automatic restarts. You can use filtering
on nested fields to filter based onresource labels.

To filter on multiple expressions, provide each separate expression within
parentheses. For example:
```
(scheduling.automaticRestart = true)
(cpuPlatform = &quot;Intel Skylake&quot;)
```
By default, each expression is an `AND` expression. However, you
can include `AND` and `OR` expressions explicitly.
For example:
```
(cpuPlatform = &quot;Intel Skylake&quot;) OR
(cpuPlatform = &quot;Intel Broadwell&quot;) AND
(scheduling.automaticRestart = true)
```

If you want to use a regular expression, use the `eq` (equal) or `ne`
(not equal) operator against a single un-parenthesized expression with or
without quotes or against multiple parenthesized expressions. Examples:

`fieldname eq unquoted literal`
`fieldname eq &#x27;single quoted literal&#x27;`
`fieldname eq &quot;double quoted literal&quot;`
`(fieldname1 eq literal) (fieldname2 ne &quot;literal&quot;)`

The literal value is interpreted as a regular expression using GoogleRE2 library syntax.
The literal value must match the entire field.

For example, to filter for instances that do not end with name &quot;instance&quot;,
you would use `name ne .*instance`.

You cannot combine constraints on multiple fields using regular
expressions.
  maxResults: integer, The maximum number of results per page that should be returned.
If the number of available results is larger than `maxResults`,
Compute Engine returns a `nextPageToken` that can be used to get
the next page of results in subsequent list requests. Acceptable values are
`0` to `500`, inclusive. (Default: `500`)
  orderBy: string, Sorts list results by a certain order. By default, results
are returned in alphanumerical order based on the resource name.

You can also sort results in descending order based on the creation
timestamp using `orderBy=&quot;creationTimestamp desc&quot;`. This sorts
results based on the `creationTimestamp` field in
reverse chronological order (newest result first). Use this to sort
resources like operations so that the newest operation is returned first.

Currently, only sorting by `name` or
`creationTimestamp desc` is supported.
  pageToken: string, Specifies a page token to use. Set `pageToken` to the
`nextPageToken` returned by a previous list request to get
the next page of results.
  returnPartialSuccess: boolean, Opt-in for partial success behavior which provides partial results in case
of failure. The default value is false.

For example, when partial success behavior is enabled, aggregatedList for a
single zone scope either returns all resources in the zone or no resources,
with an error code.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    {
  &quot;etag&quot;: &quot;A String&quot;,
  &quot;id&quot;: &quot;A String&quot;, # [Output Only] Unique identifier for the resource; defined by the server.
  &quot;items&quot;: [ # A list of InterconnectAttachmentGroup resources.
    { # An interconnect attachment group resource allows customers to create,
        # analyze, and expand highly available deployments.
      &quot;attachments&quot;: { # Attachments in the AttachmentGroup. Keys are arbitrary user-specified
          # strings. Users are encouraged, but not required, to use their preferred
          # format for resource links as keys.
          # Note that there are add-members and remove-members methods in gcloud.
          # The size of this map is limited by an &quot;Attachments per group&quot; quota.
        &quot;a_key&quot;: { # An Attachment in this AttachmentGroup.
          &quot;attachment&quot;: &quot;A String&quot;,
        },
      },
      &quot;configured&quot;: { # [Output Only] The redundancy this group is configured to support. The way a
          # user queries what SLA their Attachment gets is by looking at this field of
          # the Attachment&#x27;s AttachmentGroup.
        &quot;availabilitySla&quot;: { # [Output Only] Which SLA this group is configured to support, and why this
            # group does or does not meet that SLA&#x27;s requirements.
          &quot;effectiveSla&quot;: &quot;A String&quot;,
          &quot;intendedSlaBlockers&quot;: [
            { # [Output Only] Reasons why configuration.availabilitySLA.sla differs from
                # intent.availabilitySLA. This list is empty if and only if those are the
                # same.
              &quot;attachments&quot;: [ # [Output Only] URLs of any particular Attachments to explain this
                  # blocker in more detail.
                &quot;A String&quot;,
              ],
              &quot;blockerType&quot;: &quot;A String&quot;,
              &quot;documentationLink&quot;: &quot;A String&quot;, # [Output Only] The url of Google Cloud public documentation explaining
                  # this requirement. This is set for every type of requirement.
              &quot;explanation&quot;: &quot;A String&quot;, # [Output Only] A human-readable explanation of this requirement and
                  # why it&#x27;s not met. This is set for every type of requirement.
              &quot;metros&quot;: [ # [Output Only] Metros used to explain this blocker in more detail.
                  # These are three-letter lowercase strings like &quot;iad&quot;. This will be set
                  # for some blockers (like NO_ATTACHMENTS_IN_METRO_AND_ZONE) but does
                  # not apply to others.
                &quot;A String&quot;,
              ],
              &quot;regions&quot;: [ # [Output Only] Regions used to explain this blocker in more
                  # detail. These are region names formatted like &quot;us-central1&quot;. This
                  # will be set for some blockers (like INCOMPATIBLE_REGIONS) but does
                  # not apply to others.
                &quot;A String&quot;,
              ],
              &quot;zones&quot;: [ # [Output Only] Zones used to explain this blocker in more detail.
                  # Format is &quot;zone1&quot; and/or &quot;zone2&quot;. This will be set for some blockers
                  # (like  MISSING_ZONE) but does not apply to others.
                &quot;A String&quot;,
              ],
            },
          ],
        },
      },
      &quot;creationTimestamp&quot;: &quot;A String&quot;, # [Output Only] Creation timestamp inRFC3339
          # text format.
      &quot;description&quot;: &quot;A String&quot;, # An optional description of this resource. Provide this property when you
          # create the resource.
      &quot;etag&quot;: &quot;A String&quot;, # Opaque system-generated token that uniquely identifies the configuration.
          # If provided when patching a configuration in update mode, the provided
          # token must match the current token or the update is rejected. This provides
          # a reliable means of doing read-modify-write (optimistic locking) as
          # described byAIP 154.
      &quot;id&quot;: &quot;A String&quot;, # [Output Only] The unique identifier for the resource type. The server
          # generates this identifier.
      &quot;intent&quot;: { # The user&#x27;s intent for this AttachmentGroup. This is the only required field
          # besides the name that must be specified on group creation.
        &quot;availabilitySla&quot;: &quot;A String&quot;,
      },
      &quot;interconnectGroup&quot;: &quot;A String&quot;, # The URL of an InterconnectGroup that groups these Attachments&#x27;
          # Interconnects. Customers do not need to set this unless directed by
          # Google Support.
      &quot;kind&quot;: &quot;compute#interconnectAttachmentGroup&quot;, # [Output Only] Type of the resource. Always
          # compute#interconnectAttachmentGroup.
      &quot;logicalStructure&quot;: { # [Output Only] An analysis of the logical layout of Attachments in this
          # group. Every Attachment in the group is shown once in this structure.
        &quot;regions&quot;: [
          { # [Output Only] The regions Attachments in this group are in.
            &quot;metros&quot;: [
              { # [Output Only] The metros of Attachments in this group in this region.
                &quot;facilities&quot;: [
                  { # [Output Only] The facilities used for this group&#x27;s Attachments&#x27;
                      # Interconnects.
                    &quot;facility&quot;: &quot;A String&quot;, # [Output Only] The name of a facility, like &quot;iad-1234&quot;.
                    &quot;zones&quot;: [
                      { # [Output Only] The zones that Attachments in this group are present
                          # in, in the given facilities.  This is inherited from their
                          # Interconnects.
                        &quot;attachments&quot;: [ # [Output Only] URLs of Attachments in the given zone, to the given
                            # region, on Interconnects in the given facility and metro. Every
                            # Attachment in the AG has such an entry.
                          &quot;A String&quot;,
                        ],
                        &quot;zone&quot;: &quot;A String&quot;, # [Output Only] The name of a zone, either &quot;zone1&quot; or &quot;zone2&quot;.
                      },
                    ],
                  },
                ],
                &quot;metro&quot;: &quot;A String&quot;, # [Output Only] The name of the metro, as a three-letter lowercase
                    # string like &quot;iad&quot;. This is the first component of the location of an
                    # Interconnect.
              },
            ],
            &quot;region&quot;: &quot;A String&quot;, # [Output Only] The name of a region, like &quot;us-central1&quot;.
          },
        ],
      },
      &quot;name&quot;: &quot;A String&quot;, # Name of the resource. Provided by the client when the resource is created.
          # The name must be 1-63 characters long, and comply withRFC1035.
          # Specifically, the name must be 1-63 characters long and match the regular
          # expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first
          # character must be a lowercase letter, and all following characters must
          # be a dash, lowercase letter, or digit, except the last character, which
          # cannot be a dash.
      &quot;selfLink&quot;: &quot;A String&quot;, # [Output Only] Server-defined URL for the resource.
    },
  ],
  &quot;kind&quot;: &quot;compute#interconnectAttachmentGroup&quot;,
  &quot;nextPageToken&quot;: &quot;A String&quot;, # [Output Only] This token allows you to get the next page of results for
      # list requests. If the number of results is larger thanmaxResults, use the nextPageToken as a value for
      # the query parameter pageToken in the next list request.
      # Subsequent list requests will have their own nextPageToken to
      # continue paging through the results.
  &quot;selfLink&quot;: &quot;A String&quot;, # [Output Only] Server-defined URL for this resource.
  &quot;unreachables&quot;: [ # [Output Only] Unreachable resources.
      # end_interface:
      # MixerListResponseWithEtagBuilder
    &quot;A String&quot;,
  ],
  &quot;warning&quot;: { # [Output Only] Informational warning message.
    &quot;code&quot;: &quot;A String&quot;, # [Output Only] A warning code, if applicable. For example, Compute
        # Engine returns NO_RESULTS_ON_PAGE if there
        # are no results in the response.
    &quot;data&quot;: [ # [Output Only] Metadata about this warning in key:
        # value format. For example:
        #
        # &quot;data&quot;: [
        #   {
        #    &quot;key&quot;: &quot;scope&quot;,
        #    &quot;value&quot;: &quot;zones/us-east1-d&quot;
        #   }
      {
        &quot;key&quot;: &quot;A String&quot;, # [Output Only] A key that provides more detail on the warning being
            # returned. For example, for warnings where there are no results in a list
            # request for a particular zone, this key might be scope and
            # the key value might be the zone name. Other examples might be a key
            # indicating a deprecated resource and a suggested replacement, or a
            # warning about invalid network settings (for example, if an instance
            # attempts to perform IP forwarding but is not enabled for IP forwarding).
        &quot;value&quot;: &quot;A String&quot;, # [Output Only] A warning data value corresponding to the key.
      },
    ],
    &quot;message&quot;: &quot;A String&quot;, # [Output Only] A human-readable description of the warning code.
  },
}</pre>
</div>

<div class="method">
    <code class="details" id="list_next">list_next()</code>
  <pre>Retrieves the next page of results.

        Args:
          previous_request: The request for the previous page. (required)
          previous_response: The response from the request for the previous page. (required)

        Returns:
          A request object that you can call &#x27;execute()&#x27; on to request the next
          page. Returns None if there are no more items in the collection.
        </pre>
</div>

<div class="method">
    <code class="details" id="patch">patch(project, interconnectAttachmentGroup, body=None, requestId=None, updateMask=None, x__xgafv=None)</code>
  <pre>Patches the specified InterconnectAttachmentGroup resource with the data
included in the request. This method supports PATCH
semantics and usesJSON merge
patch format and processing rules.

Args:
  project: string, Project ID for this request. (required)
  interconnectAttachmentGroup: string, Name of the InterconnectAttachmentGroup resource to patch. (required)
  body: object, The request body.
    The object takes the form of:

{ # An interconnect attachment group resource allows customers to create,
    # analyze, and expand highly available deployments.
  &quot;attachments&quot;: { # Attachments in the AttachmentGroup. Keys are arbitrary user-specified
      # strings. Users are encouraged, but not required, to use their preferred
      # format for resource links as keys.
      # Note that there are add-members and remove-members methods in gcloud.
      # The size of this map is limited by an &quot;Attachments per group&quot; quota.
    &quot;a_key&quot;: { # An Attachment in this AttachmentGroup.
      &quot;attachment&quot;: &quot;A String&quot;,
    },
  },
  &quot;configured&quot;: { # [Output Only] The redundancy this group is configured to support. The way a
      # user queries what SLA their Attachment gets is by looking at this field of
      # the Attachment&#x27;s AttachmentGroup.
    &quot;availabilitySla&quot;: { # [Output Only] Which SLA this group is configured to support, and why this
        # group does or does not meet that SLA&#x27;s requirements.
      &quot;effectiveSla&quot;: &quot;A String&quot;,
      &quot;intendedSlaBlockers&quot;: [
        { # [Output Only] Reasons why configuration.availabilitySLA.sla differs from
            # intent.availabilitySLA. This list is empty if and only if those are the
            # same.
          &quot;attachments&quot;: [ # [Output Only] URLs of any particular Attachments to explain this
              # blocker in more detail.
            &quot;A String&quot;,
          ],
          &quot;blockerType&quot;: &quot;A String&quot;,
          &quot;documentationLink&quot;: &quot;A String&quot;, # [Output Only] The url of Google Cloud public documentation explaining
              # this requirement. This is set for every type of requirement.
          &quot;explanation&quot;: &quot;A String&quot;, # [Output Only] A human-readable explanation of this requirement and
              # why it&#x27;s not met. This is set for every type of requirement.
          &quot;metros&quot;: [ # [Output Only] Metros used to explain this blocker in more detail.
              # These are three-letter lowercase strings like &quot;iad&quot;. This will be set
              # for some blockers (like NO_ATTACHMENTS_IN_METRO_AND_ZONE) but does
              # not apply to others.
            &quot;A String&quot;,
          ],
          &quot;regions&quot;: [ # [Output Only] Regions used to explain this blocker in more
              # detail. These are region names formatted like &quot;us-central1&quot;. This
              # will be set for some blockers (like INCOMPATIBLE_REGIONS) but does
              # not apply to others.
            &quot;A String&quot;,
          ],
          &quot;zones&quot;: [ # [Output Only] Zones used to explain this blocker in more detail.
              # Format is &quot;zone1&quot; and/or &quot;zone2&quot;. This will be set for some blockers
              # (like  MISSING_ZONE) but does not apply to others.
            &quot;A String&quot;,
          ],
        },
      ],
    },
  },
  &quot;creationTimestamp&quot;: &quot;A String&quot;, # [Output Only] Creation timestamp inRFC3339
      # text format.
  &quot;description&quot;: &quot;A String&quot;, # An optional description of this resource. Provide this property when you
      # create the resource.
  &quot;etag&quot;: &quot;A String&quot;, # Opaque system-generated token that uniquely identifies the configuration.
      # If provided when patching a configuration in update mode, the provided
      # token must match the current token or the update is rejected. This provides
      # a reliable means of doing read-modify-write (optimistic locking) as
      # described byAIP 154.
  &quot;id&quot;: &quot;A String&quot;, # [Output Only] The unique identifier for the resource type. The server
      # generates this identifier.
  &quot;intent&quot;: { # The user&#x27;s intent for this AttachmentGroup. This is the only required field
      # besides the name that must be specified on group creation.
    &quot;availabilitySla&quot;: &quot;A String&quot;,
  },
  &quot;interconnectGroup&quot;: &quot;A String&quot;, # The URL of an InterconnectGroup that groups these Attachments&#x27;
      # Interconnects. Customers do not need to set this unless directed by
      # Google Support.
  &quot;kind&quot;: &quot;compute#interconnectAttachmentGroup&quot;, # [Output Only] Type of the resource. Always
      # compute#interconnectAttachmentGroup.
  &quot;logicalStructure&quot;: { # [Output Only] An analysis of the logical layout of Attachments in this
      # group. Every Attachment in the group is shown once in this structure.
    &quot;regions&quot;: [
      { # [Output Only] The regions Attachments in this group are in.
        &quot;metros&quot;: [
          { # [Output Only] The metros of Attachments in this group in this region.
            &quot;facilities&quot;: [
              { # [Output Only] The facilities used for this group&#x27;s Attachments&#x27;
                  # Interconnects.
                &quot;facility&quot;: &quot;A String&quot;, # [Output Only] The name of a facility, like &quot;iad-1234&quot;.
                &quot;zones&quot;: [
                  { # [Output Only] The zones that Attachments in this group are present
                      # in, in the given facilities.  This is inherited from their
                      # Interconnects.
                    &quot;attachments&quot;: [ # [Output Only] URLs of Attachments in the given zone, to the given
                        # region, on Interconnects in the given facility and metro. Every
                        # Attachment in the AG has such an entry.
                      &quot;A String&quot;,
                    ],
                    &quot;zone&quot;: &quot;A String&quot;, # [Output Only] The name of a zone, either &quot;zone1&quot; or &quot;zone2&quot;.
                  },
                ],
              },
            ],
            &quot;metro&quot;: &quot;A String&quot;, # [Output Only] The name of the metro, as a three-letter lowercase
                # string like &quot;iad&quot;. This is the first component of the location of an
                # Interconnect.
          },
        ],
        &quot;region&quot;: &quot;A String&quot;, # [Output Only] The name of a region, like &quot;us-central1&quot;.
      },
    ],
  },
  &quot;name&quot;: &quot;A String&quot;, # Name of the resource. Provided by the client when the resource is created.
      # The name must be 1-63 characters long, and comply withRFC1035.
      # Specifically, the name must be 1-63 characters long and match the regular
      # expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first
      # character must be a lowercase letter, and all following characters must
      # be a dash, lowercase letter, or digit, except the last character, which
      # cannot be a dash.
  &quot;selfLink&quot;: &quot;A String&quot;, # [Output Only] Server-defined URL for the resource.
}

  requestId: string, An optional request ID to identify requests. Specify a unique request ID so
that if you must retry your request, the server will know to ignore the
request if it has already been completed.

For example, consider a situation where you make an initial request and
the request times out. If you make the request again with the same
request ID, the server can check if original operation with the same
request ID was received, and if so, will ignore the second request. This
prevents clients from accidentally creating duplicate commitments.

The request ID must be
a valid UUID with the exception that zero UUID is not supported
(00000000-0000-0000-0000-000000000000).
end_interface: MixerMutationRequestBuilder
  updateMask: string, The list of fields to update.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Represents an Operation resource.
    #
    # Google Compute Engine has three Operation resources:
    #
    # * [Global](/compute/docs/reference/rest/alpha/globalOperations)
    # * [Regional](/compute/docs/reference/rest/alpha/regionOperations)
    # * [Zonal](/compute/docs/reference/rest/alpha/zoneOperations)
    #
    # You can use an operation resource to manage asynchronous API requests.
    # For more information, readHandling
    # API responses.
    #
    # Operations can be global, regional or zonal.
    #
    #    - For global operations, use the `globalOperations`
    #    resource.
    #    - For regional operations, use the
    #    `regionOperations` resource.
    #    - For zonal operations, use
    #    the `zoneOperations` resource.
    #
    #
    #
    # For more information, read
    # Global, Regional, and Zonal Resources.
    #
    # Note that completed Operation resources have a limited
    # retention period.
  &quot;clientOperationId&quot;: &quot;A String&quot;, # [Output Only] The value of `requestId` if you provided it in the request.
      # Not present otherwise.
  &quot;creationTimestamp&quot;: &quot;A String&quot;, # [Deprecated] This field is deprecated.
  &quot;description&quot;: &quot;A String&quot;, # [Output Only] A textual description of the operation, which is
      # set when the operation is created.
  &quot;endTime&quot;: &quot;A String&quot;, # [Output Only] The time that this operation was completed. This value is inRFC3339
      # text format.
  &quot;error&quot;: { # [Output Only] If errors are generated during processing of the operation,
      # this field will be populated.
    &quot;errors&quot;: [ # [Output Only] The array of errors encountered while processing this
        # operation.
      {
        &quot;code&quot;: &quot;A String&quot;, # [Output Only] The error type identifier for this error.
        &quot;errorDetails&quot;: [ # [Output Only] An optional list of messages that contain the error
            # details. There is a set of defined message types to use for providing
            # details.The syntax depends on the error code. For example,
            # QuotaExceededInfo will have details when the error code is
            # QUOTA_EXCEEDED.
          {
            &quot;errorInfo&quot;: { # Describes the cause of the error with structured details.
                #
                # Example of an error when contacting the &quot;pubsub.googleapis.com&quot; API when it
                # is not enabled:
                #
                #     { &quot;reason&quot;: &quot;API_DISABLED&quot;
                #       &quot;domain&quot;: &quot;googleapis.com&quot;
                #       &quot;metadata&quot;: {
                #         &quot;resource&quot;: &quot;projects/123&quot;,
                #         &quot;service&quot;: &quot;pubsub.googleapis.com&quot;
                #       }
                #     }
                #
                # This response indicates that the pubsub.googleapis.com API is not enabled.
                #
                # Example of an error that is returned when attempting to create a Spanner
                # instance in a region that is out of stock:
                #
                #     { &quot;reason&quot;: &quot;STOCKOUT&quot;
                #       &quot;domain&quot;: &quot;spanner.googleapis.com&quot;,
                #       &quot;metadata&quot;: {
                #         &quot;availableRegions&quot;: &quot;us-central1,us-east2&quot;
                #       }
                #     }
              &quot;domain&quot;: &quot;A String&quot;, # The logical grouping to which the &quot;reason&quot; belongs. The error domain
                  # is typically the registered service name of the tool or product that
                  # generates the error. Example: &quot;pubsub.googleapis.com&quot;. If the error is
                  # generated by some common infrastructure, the error domain must be a
                  # globally unique value that identifies the infrastructure. For Google API
                  # infrastructure, the error domain is &quot;googleapis.com&quot;.
              &quot;metadatas&quot;: { # Additional structured details about this error.
                  #
                  # Keys must match a regular expression of `a-z+` but should
                  # ideally be lowerCamelCase. Also, they must be limited to 64 characters in
                  # length. When identifying the current value of an exceeded limit, the units
                  # should be contained in the key, not the value.  For example, rather than
                  # `{&quot;instanceLimit&quot;: &quot;100/request&quot;}`, should be returned as,
                  # `{&quot;instanceLimitPerRequest&quot;: &quot;100&quot;}`, if the client exceeds the number of
                  # instances that can be created in a single (batch) request.
                &quot;a_key&quot;: &quot;A String&quot;,
              },
              &quot;reason&quot;: &quot;A String&quot;, # The reason of the error. This is a constant value that identifies the
                  # proximate cause of the error. Error reasons are unique within a particular
                  # domain of errors. This should be at most 63 characters and match a
                  # regular expression of `A-Z+[A-Z0-9]`, which represents
                  # UPPER_SNAKE_CASE.
            },
            &quot;help&quot;: { # Provides links to documentation or for performing an out of band action.
                #
                # For example, if a quota check failed with an error indicating the calling
                # project hasn&#x27;t enabled the accessed service, this can contain a URL pointing
                # directly to the right place in the developer console to flip the bit.
              &quot;links&quot;: [ # URL(s) pointing to additional information on handling the current error.
                { # Describes a URL link.
                  &quot;description&quot;: &quot;A String&quot;, # Describes what the link offers.
                  &quot;url&quot;: &quot;A String&quot;, # The URL of the link.
                },
              ],
            },
            &quot;localizedMessage&quot;: { # Provides a localized error message that is safe to return to the user
                # which can be attached to an RPC error.
              &quot;locale&quot;: &quot;A String&quot;, # The locale used following the specification defined at
                  # https://www.rfc-editor.org/rfc/bcp/bcp47.txt.
                  # Examples are: &quot;en-US&quot;, &quot;fr-CH&quot;, &quot;es-MX&quot;
              &quot;message&quot;: &quot;A String&quot;, # The localized error message in the above locale.
            },
            &quot;quotaInfo&quot;: { # Additional details for quota exceeded error for resource quota.
              &quot;dimensions&quot;: { # The map holding related quota dimensions.
                &quot;a_key&quot;: &quot;A String&quot;,
              },
              &quot;futureLimit&quot;: 3.14, # Future quota limit being rolled out. The limit&#x27;s unit depends on the quota
                  #  type or metric.
              &quot;limit&quot;: 3.14, # Current effective quota limit. The limit&#x27;s unit depends on the quota type
                  # or metric.
              &quot;limitName&quot;: &quot;A String&quot;, # The name of the quota limit.
              &quot;metricName&quot;: &quot;A String&quot;, # The Compute Engine quota metric name.
              &quot;rolloutStatus&quot;: &quot;A String&quot;, # Rollout status of the future quota limit.
            },
          },
        ],
        &quot;location&quot;: &quot;A String&quot;, # [Output Only] Indicates the field in the request that caused the error.
            # This property is optional.
        &quot;message&quot;: &quot;A String&quot;, # [Output Only] An optional, human-readable error message.
      },
    ],
  },
  &quot;httpErrorMessage&quot;: &quot;A String&quot;, # [Output Only] If the operation fails, this field contains the HTTP error
      # message that was returned, such as `NOT FOUND`.
  &quot;httpErrorStatusCode&quot;: 42, # [Output Only] If the operation fails, this field contains the HTTP error
      # status code that was returned. For example, a `404` means the
      # resource was not found.
  &quot;id&quot;: &quot;A String&quot;, # [Output Only] The unique identifier for the operation. This identifier is
      # defined by the server.
  &quot;insertTime&quot;: &quot;A String&quot;, # [Output Only] The time that this operation was requested.
      # This value is inRFC3339
      # text format.
  &quot;instancesBulkInsertOperationMetadata&quot;: {
    &quot;perLocationStatus&quot;: { # Status information per location (location name is key).
        # Example key: zones/us-central1-a
      &quot;a_key&quot;: {
        &quot;createdVmCount&quot;: 42, # [Output Only] Count of VMs successfully created so far.
        &quot;deletedVmCount&quot;: 42, # [Output Only] Count of VMs that got deleted during rollback.
        &quot;failedToCreateVmCount&quot;: 42, # [Output Only] Count of VMs that started creating but encountered an
            # error.
        &quot;status&quot;: &quot;A String&quot;, # [Output Only] Creation status of BulkInsert operation - information
            # if the flow is rolling forward or rolling back.
        &quot;targetVmCount&quot;: 42, # [Output Only] Count of VMs originally planned to be created.
      },
    },
  },
  &quot;kind&quot;: &quot;compute#operation&quot;, # [Output Only] Type of the resource. Always `compute#operation` for
      # Operation resources.
  &quot;name&quot;: &quot;A String&quot;, # [Output Only] Name of the operation.
  &quot;operationGroupId&quot;: &quot;A String&quot;, # [Output Only] An ID that represents a group of operations, such as when a
      # group of operations results from a `bulkInsert` API request.
  &quot;operationType&quot;: &quot;A String&quot;, # [Output Only] The type of operation, such as `insert`,
      # `update`, or `delete`, and so on.
  &quot;progress&quot;: 42, # [Output Only] An optional progress indicator that ranges from 0 to 100.
      # There is no requirement that this be linear or support any granularity of
      # operations. This should not be used to guess when the operation will be
      # complete. This number should monotonically increase as the operation
      # progresses.
  &quot;region&quot;: &quot;A String&quot;, # [Output Only] The URL of the region where the operation resides. Only
      # applicable when performing regional operations.
  &quot;selfLink&quot;: &quot;A String&quot;, # [Output Only] Server-defined URL for the resource.
  &quot;selfLinkWithId&quot;: &quot;A String&quot;, # [Output Only] Server-defined URL for this resource with the resource id.
  &quot;setCommonInstanceMetadataOperationMetadata&quot;: { # [Output Only] If the operation is for projects.setCommonInstanceMetadata,
      # this field will contain information on all underlying zonal actions and
      # their state.
    &quot;clientOperationId&quot;: &quot;A String&quot;, # [Output Only] The client operation id.
    &quot;perLocationOperations&quot;: { # [Output Only] Status information per location (location name is key).
        # Example key: zones/us-central1-a
      &quot;a_key&quot;: {
        &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # [Output Only] If state is `ABANDONED` or `FAILED`, this field is
            # populated.
            # different programming environments, including REST APIs and RPC APIs. It is
            # used by [gRPC](https://github.com/grpc). Each `Status` message contains
            # three pieces of data: error code, error message, and error details.
            #
            # You can find out more about this error model and how to work with it in the
            # [API Design Guide](https://cloud.google.com/apis/design/errors).
          &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
          &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
              # message types for APIs to use.
            {
              &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
            },
          ],
          &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
              # user-facing error message should be localized and sent in the
              # google.rpc.Status.details field, or localized by the client.
        },
        &quot;state&quot;: &quot;A String&quot;, # [Output Only] Status of the action, which can be one of the following:
            # `PROPAGATING`, `PROPAGATED`, `ABANDONED`, `FAILED`, or `DONE`.
      },
    },
  },
  &quot;startTime&quot;: &quot;A String&quot;, # [Output Only] The time that this operation was started by the server.
      # This value is inRFC3339
      # text format.
  &quot;status&quot;: &quot;A String&quot;, # [Output Only] The status of the operation, which can be one of the
      # following:
      # `PENDING`, `RUNNING`, or `DONE`.
  &quot;statusMessage&quot;: &quot;A String&quot;, # [Output Only] An optional textual description of the current status of the
      # operation.
  &quot;targetId&quot;: &quot;A String&quot;, # [Output Only] The unique target ID, which identifies a specific incarnation
      # of the target resource.
  &quot;targetLink&quot;: &quot;A String&quot;, # [Output Only] The URL of the resource that the operation modifies. For
      # operations related to creating a snapshot, this points to the disk
      # that the snapshot was created from.
  &quot;user&quot;: &quot;A String&quot;, # [Output Only] User who requested the operation, for example:
      # `user@example.com` or
      # `alice_smith_identifier (global/workforcePools/example-com-us-employees)`.
  &quot;warnings&quot;: [ # [Output Only] If warning messages are generated during processing of the
      # operation, this field will be populated.
    {
      &quot;code&quot;: &quot;A String&quot;, # [Output Only] A warning code, if applicable. For example, Compute
          # Engine returns NO_RESULTS_ON_PAGE if there
          # are no results in the response.
      &quot;data&quot;: [ # [Output Only] Metadata about this warning in key:
          # value format. For example:
          #
          # &quot;data&quot;: [
          #   {
          #    &quot;key&quot;: &quot;scope&quot;,
          #    &quot;value&quot;: &quot;zones/us-east1-d&quot;
          #   }
        {
          &quot;key&quot;: &quot;A String&quot;, # [Output Only] A key that provides more detail on the warning being
              # returned. For example, for warnings where there are no results in a list
              # request for a particular zone, this key might be scope and
              # the key value might be the zone name. Other examples might be a key
              # indicating a deprecated resource and a suggested replacement, or a
              # warning about invalid network settings (for example, if an instance
              # attempts to perform IP forwarding but is not enabled for IP forwarding).
          &quot;value&quot;: &quot;A String&quot;, # [Output Only] A warning data value corresponding to the key.
        },
      ],
      &quot;message&quot;: &quot;A String&quot;, # [Output Only] A human-readable description of the warning code.
    },
  ],
  &quot;zone&quot;: &quot;A String&quot;, # [Output Only] The URL of the zone where the operation resides. Only
      # applicable when performing per-zone operations.
}</pre>
</div>

<div class="method">
    <code class="details" id="setIamPolicy">setIamPolicy(project, resource, body=None, x__xgafv=None)</code>
  <pre>Sets the access control policy on the specified resource.
Replaces any existing policy.

Args:
  project: string, Project ID for this request. (required)
  resource: string, Name or id of the resource for this request. (required)
  body: object, The request body.
    The object takes the form of:

{
  &quot;bindings&quot;: [ # Flatten Policy to create a backward compatible wire-format.
      # Deprecated. Use &#x27;policy&#x27; to specify bindings.
    { # Associates `members`, or principals, with a `role`.
      &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
          #
          # If the condition evaluates to `true`, then this binding applies to the
          # current request.
          #
          # If the condition evaluates to `false`, then this binding does not apply to
          # the current request. However, a different role binding might grant the same
          # role to one or more of the principals in this binding.
          #
          # To learn which resources support conditions in their IAM policies, see the
          # [IAM
          # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
          # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
          # are documented at https://github.com/google/cel-spec.
          #
          # Example (Comparison):
          #
          #     title: &quot;Summary size limit&quot;
          #     description: &quot;Determines if a summary is less than 100 chars&quot;
          #     expression: &quot;document.summary.size() &lt; 100&quot;
          #
          # Example (Equality):
          #
          #     title: &quot;Requestor is owner&quot;
          #     description: &quot;Determines if requestor is the document owner&quot;
          #     expression: &quot;document.owner == request.auth.claims.email&quot;
          #
          # Example (Logic):
          #
          #     title: &quot;Public documents&quot;
          #     description: &quot;Determine whether the document should be publicly visible&quot;
          #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
          #
          # Example (Data Manipulation):
          #
          #     title: &quot;Notification string&quot;
          #     description: &quot;Create a notification string with a timestamp.&quot;
          #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
          #
          # The exact variables and functions that may be referenced within an expression
          # are determined by the service that evaluates it. See the service
          # documentation for additional information.
        &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
            # describes the expression, e.g. when hovered over it in a UI.
        &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
            # syntax.
        &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
            # reporting, e.g. a file name and a position in the file.
        &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
            # its purpose. This can be used e.g. in UIs which allow to enter the
            # expression.
      },
      &quot;members&quot;: [ # Specifies the principals requesting access for a Google Cloud resource.
          # `members` can have the following values:
          #
          # * `allUsers`: A special identifier that represents anyone who is
          #    on the internet; with or without a Google account.
          #
          # * `allAuthenticatedUsers`: A special identifier that represents anyone
          #    who is authenticated with a Google account or a service account.
          #    Does not include identities that come from external identity providers
          #    (IdPs) through identity federation.
          #
          # * `user:{emailid}`: An email address that represents a specific Google
          #    account. For example, `alice@example.com` .
          #
          #
          # * `serviceAccount:{emailid}`: An email address that represents a Google
          #    service account. For example,
          #    `my-other-app@appspot.gserviceaccount.com`.
          #
          # * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An
          #    identifier for a
          #    [Kubernetes service
          #    account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
          #    For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
          #
          # * `group:{emailid}`: An email address that represents a Google group.
          #    For example, `admins@example.com`.
          #
          #
          # * `domain:{domain}`: The G Suite domain (primary) that represents all the
          #    users of that domain. For example, `google.com` or `example.com`.
          #
          #
          #
          #
          # * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
          #   A single identity in a workforce identity pool.
          #
          # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
          #   All workforce identities in a group.
          #
          # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`:
          #   All workforce identities with a specific attribute value.
          #
          # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`:
          #   All identities in a workforce identity pool.
          #
          # * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`:
          #   A single identity in a workload identity pool.
          #
          # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`:
          #   A workload identity pool group.
          #
          # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`:
          #   All identities in a workload identity pool with a certain attribute.
          #
          # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`:
          #   All identities in a workload identity pool.
          #
          # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
          #    identifier) representing a user that has been recently deleted. For
          #    example, `alice@example.com?uid=123456789012345678901`. If the user is
          #    recovered, this value reverts to `user:{emailid}` and the recovered user
          #    retains the role in the binding.
          #
          # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
          #    unique identifier) representing a service account that has been recently
          #    deleted. For example,
          #    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
          #    If the service account is undeleted, this value reverts to
          #    `serviceAccount:{emailid}` and the undeleted service account retains the
          #    role in the binding.
          #
          # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
          #    identifier) representing a Google group that has been recently
          #    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
          #    the group is recovered, this value reverts to `group:{emailid}` and the
          #    recovered group retains the role in the binding.
          #
          # * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
          #   Deleted single identity in a workforce identity pool. For example,
          #   `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
        &quot;A String&quot;,
      ],
      &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to the list of `members`, or principals.
          # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
          #
          # For an overview of the IAM roles and permissions, see the
          # [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For
          # a list of the available pre-defined roles, see
          # [here](https://cloud.google.com/iam/docs/understanding-roles).
    },
  ],
  &quot;etag&quot;: &quot;A String&quot;, # Flatten Policy to create a backward compatible wire-format.
      # Deprecated. Use &#x27;policy&#x27; to specify the etag.
  &quot;policy&quot;: { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the &#x27;resource&#x27;. The size of
      # the policy is limited to a few 10s of KB. An empty policy is in general a
      # valid policy but certain services (like Projects) might reject them.
      # controls for Google Cloud resources.
      #
      #
      # A `Policy` is a collection of `bindings`. A `binding` binds one or more
      # `members`, or principals, to a single `role`. Principals can be user
      # accounts, service accounts, Google groups, and domains (such as G Suite). A
      # `role` is a named list of permissions; each `role` can be an IAM predefined
      # role or a user-created custom role.
      #
      # For some types of Google Cloud resources, a `binding` can also specify a
      # `condition`, which is a logical expression that allows access to a resource
      # only if the expression evaluates to `true`. A condition can add constraints
      # based on attributes of the request, the resource, or both. To learn which
      # resources support conditions in their IAM policies, see the
      # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
      #
      # **JSON example:**
      #
      # ```
      #     {
      #       &quot;bindings&quot;: [
      #         {
      #           &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
      #           &quot;members&quot;: [
      #             &quot;user:mike@example.com&quot;,
      #             &quot;group:admins@example.com&quot;,
      #             &quot;domain:google.com&quot;,
      #             &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
      #           ]
      #         },
      #         {
      #           &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
      #           &quot;members&quot;: [
      #             &quot;user:eve@example.com&quot;
      #           ],
      #           &quot;condition&quot;: {
      #             &quot;title&quot;: &quot;expirable access&quot;,
      #             &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
      #             &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
      #           }
      #         }
      #       ],
      #       &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
      #       &quot;version&quot;: 3
      #     }
      # ```
      #
      # **YAML example:**
      #
      # ```
      #     bindings:
      #     - members:
      #       - user:mike@example.com
      #       - group:admins@example.com
      #       - domain:google.com
      #       - serviceAccount:my-project-id@appspot.gserviceaccount.com
      #       role: roles/resourcemanager.organizationAdmin
      #     - members:
      #       - user:eve@example.com
      #       role: roles/resourcemanager.organizationViewer
      #       condition:
      #         title: expirable access
      #         description: Does not grant access after Sep 2020
      #         expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
      #     etag: BwWWja0YfJA=
      #     version: 3
      # ```
      #
      # For a description of IAM and its features, see the
      # [IAM documentation](https://cloud.google.com/iam/docs/).
    &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
      { # Specifies the audit configuration for a service.
          # The configuration determines which permission types are logged, and what
          # identities, if any, are exempted from logging.
          # An AuditConfig must have one or more AuditLogConfigs.
          #
          # If there are AuditConfigs for both `allServices` and a specific service,
          # the union of the two AuditConfigs is used for that service: the log_types
          # specified in each AuditConfig are enabled, and the exempted_members in each
          # AuditLogConfig are exempted.
          #
          # Example Policy with multiple AuditConfigs:
          #
          #     {
          #       &quot;audit_configs&quot;: [
          #         {
          #           &quot;service&quot;: &quot;allServices&quot;,
          #           &quot;audit_log_configs&quot;: [
          #             {
          #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
          #               &quot;exempted_members&quot;: [
          #                 &quot;user:jose@example.com&quot;
          #               ]
          #             },
          #             {
          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;
          #             },
          #             {
          #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;
          #             }
          #           ]
          #         },
          #         {
          #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;,
          #           &quot;audit_log_configs&quot;: [
          #             {
          #               &quot;log_type&quot;: &quot;DATA_READ&quot;
          #             },
          #             {
          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
          #               &quot;exempted_members&quot;: [
          #                 &quot;user:aliya@example.com&quot;
          #               ]
          #             }
          #           ]
          #         }
          #       ]
          #     }
          #
          # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
          # logging. It also exempts `jose@example.com` from DATA_READ logging, and
          # `aliya@example.com` from DATA_WRITE logging.
        &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
          { # Provides the configuration for logging a type of permissions.
              # Example:
              #
              #     {
              #       &quot;audit_log_configs&quot;: [
              #         {
              #           &quot;log_type&quot;: &quot;DATA_READ&quot;,
              #           &quot;exempted_members&quot;: [
              #             &quot;user:jose@example.com&quot;
              #           ]
              #         },
              #         {
              #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;
              #         }
              #       ]
              #     }
              #
              # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
              # jose@example.com from DATA_READ logging.
            &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
                # permission.
                # Follows the same format of Binding.members.
              &quot;A String&quot;,
            ],
            &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
          },
        ],
        &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
            # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
            # `allServices` is a special value that covers all services.
      },
    ],
    &quot;bindings&quot;: [ # Associates a list of `members`, or principals, with a `role`. Optionally,
        # may specify a `condition` that determines how and when the `bindings` are
        # applied. Each of the `bindings` must contain at least one principal.
        #
        # The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
        # of these principals can be Google groups. Each occurrence of a principal
        # counts towards these limits. For example, if the `bindings` grant 50
        # different roles to `user:alice@example.com`, and not to any other
        # principal, then you can add another 1,450 principals to the `bindings` in
        # the `Policy`.
      { # Associates `members`, or principals, with a `role`.
        &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
            #
            # If the condition evaluates to `true`, then this binding applies to the
            # current request.
            #
            # If the condition evaluates to `false`, then this binding does not apply to
            # the current request. However, a different role binding might grant the same
            # role to one or more of the principals in this binding.
            #
            # To learn which resources support conditions in their IAM policies, see the
            # [IAM
            # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
            # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
            # are documented at https://github.com/google/cel-spec.
            #
            # Example (Comparison):
            #
            #     title: &quot;Summary size limit&quot;
            #     description: &quot;Determines if a summary is less than 100 chars&quot;
            #     expression: &quot;document.summary.size() &lt; 100&quot;
            #
            # Example (Equality):
            #
            #     title: &quot;Requestor is owner&quot;
            #     description: &quot;Determines if requestor is the document owner&quot;
            #     expression: &quot;document.owner == request.auth.claims.email&quot;
            #
            # Example (Logic):
            #
            #     title: &quot;Public documents&quot;
            #     description: &quot;Determine whether the document should be publicly visible&quot;
            #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
            #
            # Example (Data Manipulation):
            #
            #     title: &quot;Notification string&quot;
            #     description: &quot;Create a notification string with a timestamp.&quot;
            #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
            #
            # The exact variables and functions that may be referenced within an expression
            # are determined by the service that evaluates it. See the service
            # documentation for additional information.
          &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
              # describes the expression, e.g. when hovered over it in a UI.
          &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
              # syntax.
          &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
              # reporting, e.g. a file name and a position in the file.
          &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
              # its purpose. This can be used e.g. in UIs which allow to enter the
              # expression.
        },
        &quot;members&quot;: [ # Specifies the principals requesting access for a Google Cloud resource.
            # `members` can have the following values:
            #
            # * `allUsers`: A special identifier that represents anyone who is
            #    on the internet; with or without a Google account.
            #
            # * `allAuthenticatedUsers`: A special identifier that represents anyone
            #    who is authenticated with a Google account or a service account.
            #    Does not include identities that come from external identity providers
            #    (IdPs) through identity federation.
            #
            # * `user:{emailid}`: An email address that represents a specific Google
            #    account. For example, `alice@example.com` .
            #
            #
            # * `serviceAccount:{emailid}`: An email address that represents a Google
            #    service account. For example,
            #    `my-other-app@appspot.gserviceaccount.com`.
            #
            # * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An
            #    identifier for a
            #    [Kubernetes service
            #    account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
            #    For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
            #
            # * `group:{emailid}`: An email address that represents a Google group.
            #    For example, `admins@example.com`.
            #
            #
            # * `domain:{domain}`: The G Suite domain (primary) that represents all the
            #    users of that domain. For example, `google.com` or `example.com`.
            #
            #
            #
            #
            # * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
            #   A single identity in a workforce identity pool.
            #
            # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
            #   All workforce identities in a group.
            #
            # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`:
            #   All workforce identities with a specific attribute value.
            #
            # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`:
            #   All identities in a workforce identity pool.
            #
            # * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`:
            #   A single identity in a workload identity pool.
            #
            # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`:
            #   A workload identity pool group.
            #
            # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`:
            #   All identities in a workload identity pool with a certain attribute.
            #
            # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`:
            #   All identities in a workload identity pool.
            #
            # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
            #    identifier) representing a user that has been recently deleted. For
            #    example, `alice@example.com?uid=123456789012345678901`. If the user is
            #    recovered, this value reverts to `user:{emailid}` and the recovered user
            #    retains the role in the binding.
            #
            # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
            #    unique identifier) representing a service account that has been recently
            #    deleted. For example,
            #    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
            #    If the service account is undeleted, this value reverts to
            #    `serviceAccount:{emailid}` and the undeleted service account retains the
            #    role in the binding.
            #
            # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
            #    identifier) representing a Google group that has been recently
            #    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
            #    the group is recovered, this value reverts to `group:{emailid}` and the
            #    recovered group retains the role in the binding.
            #
            # * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
            #   Deleted single identity in a workforce identity pool. For example,
            #   `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
          &quot;A String&quot;,
        ],
        &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to the list of `members`, or principals.
            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
            #
            # For an overview of the IAM roles and permissions, see the
            # [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For
            # a list of the available pre-defined roles, see
            # [here](https://cloud.google.com/iam/docs/understanding-roles).
      },
    ],
    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
        # prevent simultaneous updates of a policy from overwriting each other.
        # It is strongly suggested that systems make use of the `etag` in the
        # read-modify-write cycle to perform policy updates in order to avoid race
        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
        # systems are expected to put that etag in the request to `setIamPolicy` to
        # ensure that their change will be applied to the same version of the policy.
        #
        # **Important:** If you use IAM Conditions, you must include the `etag` field
        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
        # you to overwrite a version `3` policy with a version `1` policy, and all of
        # the conditions in the version `3` policy are lost.
    &quot;version&quot;: 42, # Specifies the format of the policy.
        #
        # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
        # are rejected.
        #
        # Any operation that affects conditional role bindings must specify version
        # `3`. This requirement applies to the following operations:
        #
        # * Getting a policy that includes a conditional role binding
        # * Adding a conditional role binding to a policy
        # * Changing a conditional role binding in a policy
        # * Removing any role binding, with or without a condition, from a policy
        #   that includes conditions
        #
        # **Important:** If you use IAM Conditions, you must include the `etag` field
        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
        # you to overwrite a version `3` policy with a version `1` policy, and all of
        # the conditions in the version `3` policy are lost.
        #
        # If a policy does not include any conditions, operations on that policy may
        # specify any valid version or leave the field unset.
        #
        # To learn which resources support conditions in their IAM policies, see the
        # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
  },
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # An Identity and Access Management (IAM) policy, which specifies access
    # controls for Google Cloud resources.
    #
    #
    # A `Policy` is a collection of `bindings`. A `binding` binds one or more
    # `members`, or principals, to a single `role`. Principals can be user
    # accounts, service accounts, Google groups, and domains (such as G Suite). A
    # `role` is a named list of permissions; each `role` can be an IAM predefined
    # role or a user-created custom role.
    #
    # For some types of Google Cloud resources, a `binding` can also specify a
    # `condition`, which is a logical expression that allows access to a resource
    # only if the expression evaluates to `true`. A condition can add constraints
    # based on attributes of the request, the resource, or both. To learn which
    # resources support conditions in their IAM policies, see the
    # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
    #
    # **JSON example:**
    #
    # ```
    #     {
    #       &quot;bindings&quot;: [
    #         {
    #           &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
    #           &quot;members&quot;: [
    #             &quot;user:mike@example.com&quot;,
    #             &quot;group:admins@example.com&quot;,
    #             &quot;domain:google.com&quot;,
    #             &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
    #           ]
    #         },
    #         {
    #           &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
    #           &quot;members&quot;: [
    #             &quot;user:eve@example.com&quot;
    #           ],
    #           &quot;condition&quot;: {
    #             &quot;title&quot;: &quot;expirable access&quot;,
    #             &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
    #             &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
    #           }
    #         }
    #       ],
    #       &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
    #       &quot;version&quot;: 3
    #     }
    # ```
    #
    # **YAML example:**
    #
    # ```
    #     bindings:
    #     - members:
    #       - user:mike@example.com
    #       - group:admins@example.com
    #       - domain:google.com
    #       - serviceAccount:my-project-id@appspot.gserviceaccount.com
    #       role: roles/resourcemanager.organizationAdmin
    #     - members:
    #       - user:eve@example.com
    #       role: roles/resourcemanager.organizationViewer
    #       condition:
    #         title: expirable access
    #         description: Does not grant access after Sep 2020
    #         expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
    #     etag: BwWWja0YfJA=
    #     version: 3
    # ```
    #
    # For a description of IAM and its features, see the
    # [IAM documentation](https://cloud.google.com/iam/docs/).
  &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
    { # Specifies the audit configuration for a service.
        # The configuration determines which permission types are logged, and what
        # identities, if any, are exempted from logging.
        # An AuditConfig must have one or more AuditLogConfigs.
        #
        # If there are AuditConfigs for both `allServices` and a specific service,
        # the union of the two AuditConfigs is used for that service: the log_types
        # specified in each AuditConfig are enabled, and the exempted_members in each
        # AuditLogConfig are exempted.
        #
        # Example Policy with multiple AuditConfigs:
        #
        #     {
        #       &quot;audit_configs&quot;: [
        #         {
        #           &quot;service&quot;: &quot;allServices&quot;,
        #           &quot;audit_log_configs&quot;: [
        #             {
        #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
        #               &quot;exempted_members&quot;: [
        #                 &quot;user:jose@example.com&quot;
        #               ]
        #             },
        #             {
        #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;
        #             },
        #             {
        #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;
        #             }
        #           ]
        #         },
        #         {
        #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;,
        #           &quot;audit_log_configs&quot;: [
        #             {
        #               &quot;log_type&quot;: &quot;DATA_READ&quot;
        #             },
        #             {
        #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
        #               &quot;exempted_members&quot;: [
        #                 &quot;user:aliya@example.com&quot;
        #               ]
        #             }
        #           ]
        #         }
        #       ]
        #     }
        #
        # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
        # logging. It also exempts `jose@example.com` from DATA_READ logging, and
        # `aliya@example.com` from DATA_WRITE logging.
      &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
        { # Provides the configuration for logging a type of permissions.
            # Example:
            #
            #     {
            #       &quot;audit_log_configs&quot;: [
            #         {
            #           &quot;log_type&quot;: &quot;DATA_READ&quot;,
            #           &quot;exempted_members&quot;: [
            #             &quot;user:jose@example.com&quot;
            #           ]
            #         },
            #         {
            #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;
            #         }
            #       ]
            #     }
            #
            # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
            # jose@example.com from DATA_READ logging.
          &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
              # permission.
              # Follows the same format of Binding.members.
            &quot;A String&quot;,
          ],
          &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
        },
      ],
      &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
          # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
          # `allServices` is a special value that covers all services.
    },
  ],
  &quot;bindings&quot;: [ # Associates a list of `members`, or principals, with a `role`. Optionally,
      # may specify a `condition` that determines how and when the `bindings` are
      # applied. Each of the `bindings` must contain at least one principal.
      #
      # The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250
      # of these principals can be Google groups. Each occurrence of a principal
      # counts towards these limits. For example, if the `bindings` grant 50
      # different roles to `user:alice@example.com`, and not to any other
      # principal, then you can add another 1,450 principals to the `bindings` in
      # the `Policy`.
    { # Associates `members`, or principals, with a `role`.
      &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
          #
          # If the condition evaluates to `true`, then this binding applies to the
          # current request.
          #
          # If the condition evaluates to `false`, then this binding does not apply to
          # the current request. However, a different role binding might grant the same
          # role to one or more of the principals in this binding.
          #
          # To learn which resources support conditions in their IAM policies, see the
          # [IAM
          # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
          # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
          # are documented at https://github.com/google/cel-spec.
          #
          # Example (Comparison):
          #
          #     title: &quot;Summary size limit&quot;
          #     description: &quot;Determines if a summary is less than 100 chars&quot;
          #     expression: &quot;document.summary.size() &lt; 100&quot;
          #
          # Example (Equality):
          #
          #     title: &quot;Requestor is owner&quot;
          #     description: &quot;Determines if requestor is the document owner&quot;
          #     expression: &quot;document.owner == request.auth.claims.email&quot;
          #
          # Example (Logic):
          #
          #     title: &quot;Public documents&quot;
          #     description: &quot;Determine whether the document should be publicly visible&quot;
          #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
          #
          # Example (Data Manipulation):
          #
          #     title: &quot;Notification string&quot;
          #     description: &quot;Create a notification string with a timestamp.&quot;
          #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
          #
          # The exact variables and functions that may be referenced within an expression
          # are determined by the service that evaluates it. See the service
          # documentation for additional information.
        &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
            # describes the expression, e.g. when hovered over it in a UI.
        &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
            # syntax.
        &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
            # reporting, e.g. a file name and a position in the file.
        &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
            # its purpose. This can be used e.g. in UIs which allow to enter the
            # expression.
      },
      &quot;members&quot;: [ # Specifies the principals requesting access for a Google Cloud resource.
          # `members` can have the following values:
          #
          # * `allUsers`: A special identifier that represents anyone who is
          #    on the internet; with or without a Google account.
          #
          # * `allAuthenticatedUsers`: A special identifier that represents anyone
          #    who is authenticated with a Google account or a service account.
          #    Does not include identities that come from external identity providers
          #    (IdPs) through identity federation.
          #
          # * `user:{emailid}`: An email address that represents a specific Google
          #    account. For example, `alice@example.com` .
          #
          #
          # * `serviceAccount:{emailid}`: An email address that represents a Google
          #    service account. For example,
          #    `my-other-app@appspot.gserviceaccount.com`.
          #
          # * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An
          #    identifier for a
          #    [Kubernetes service
          #    account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
          #    For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
          #
          # * `group:{emailid}`: An email address that represents a Google group.
          #    For example, `admins@example.com`.
          #
          #
          # * `domain:{domain}`: The G Suite domain (primary) that represents all the
          #    users of that domain. For example, `google.com` or `example.com`.
          #
          #
          #
          #
          # * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
          #   A single identity in a workforce identity pool.
          #
          # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
          #   All workforce identities in a group.
          #
          # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`:
          #   All workforce identities with a specific attribute value.
          #
          # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`:
          #   All identities in a workforce identity pool.
          #
          # * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`:
          #   A single identity in a workload identity pool.
          #
          # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`:
          #   A workload identity pool group.
          #
          # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`:
          #   All identities in a workload identity pool with a certain attribute.
          #
          # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`:
          #   All identities in a workload identity pool.
          #
          # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
          #    identifier) representing a user that has been recently deleted. For
          #    example, `alice@example.com?uid=123456789012345678901`. If the user is
          #    recovered, this value reverts to `user:{emailid}` and the recovered user
          #    retains the role in the binding.
          #
          # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
          #    unique identifier) representing a service account that has been recently
          #    deleted. For example,
          #    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
          #    If the service account is undeleted, this value reverts to
          #    `serviceAccount:{emailid}` and the undeleted service account retains the
          #    role in the binding.
          #
          # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
          #    identifier) representing a Google group that has been recently
          #    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
          #    the group is recovered, this value reverts to `group:{emailid}` and the
          #    recovered group retains the role in the binding.
          #
          # * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
          #   Deleted single identity in a workforce identity pool. For example,
          #   `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
        &quot;A String&quot;,
      ],
      &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to the list of `members`, or principals.
          # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
          #
          # For an overview of the IAM roles and permissions, see the
          # [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For
          # a list of the available pre-defined roles, see
          # [here](https://cloud.google.com/iam/docs/understanding-roles).
    },
  ],
  &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
      # prevent simultaneous updates of a policy from overwriting each other.
      # It is strongly suggested that systems make use of the `etag` in the
      # read-modify-write cycle to perform policy updates in order to avoid race
      # conditions: An `etag` is returned in the response to `getIamPolicy`, and
      # systems are expected to put that etag in the request to `setIamPolicy` to
      # ensure that their change will be applied to the same version of the policy.
      #
      # **Important:** If you use IAM Conditions, you must include the `etag` field
      # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
      # you to overwrite a version `3` policy with a version `1` policy, and all of
      # the conditions in the version `3` policy are lost.
  &quot;version&quot;: 42, # Specifies the format of the policy.
      #
      # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
      # are rejected.
      #
      # Any operation that affects conditional role bindings must specify version
      # `3`. This requirement applies to the following operations:
      #
      # * Getting a policy that includes a conditional role binding
      # * Adding a conditional role binding to a policy
      # * Changing a conditional role binding in a policy
      # * Removing any role binding, with or without a condition, from a policy
      #   that includes conditions
      #
      # **Important:** If you use IAM Conditions, you must include the `etag` field
      # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
      # you to overwrite a version `3` policy with a version `1` policy, and all of
      # the conditions in the version `3` policy are lost.
      #
      # If a policy does not include any conditions, operations on that policy may
      # specify any valid version or leave the field unset.
      #
      # To learn which resources support conditions in their IAM policies, see the
      # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
}</pre>
</div>

<div class="method">
    <code class="details" id="testIamPermissions">testIamPermissions(project, resource, body=None, x__xgafv=None)</code>
  <pre>Returns permissions that a caller has on the specified resource.

Args:
  project: string, Project ID for this request. (required)
  resource: string, Name or id of the resource for this request. (required)
  body: object, The request body.
    The object takes the form of:

{
  &quot;permissions&quot;: [ # The set of permissions to check for the &#x27;resource&#x27;. Permissions with
      # wildcards (such as &#x27;*&#x27; or &#x27;storage.*&#x27;) are not allowed.
    &quot;A String&quot;,
  ],
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    {
  &quot;permissions&quot;: [ # A subset of `TestPermissionsRequest.permissions` that the caller is
      # allowed.
    &quot;A String&quot;,
  ],
}</pre>
</div>

</body></html>